Re: ANN: cvssh - secure ext-to-pserver bridge
From: David A. Desrosiers
Subject: Re: ANN: cvssh - secure ext-to-pserver bridge
Date: Thu, 21 Feb 2002 18:59:36 GMT
User-agent: Pan/0.11.2 (Unix)

> Duh. If you're doing authentication and authorisation on a unix-based
> file server then you MUST, _M_U_S_T_ use a unique system account for
> every real-world user or else you might as well not use any
> authentication whatsoever. Pserver has NO accountability from the
> system's point of view. None whatsoever. Don't use pserver. Ever.

Except in the cases where using pserver is actually _MORE_ secure
than giving users a valid unix account on your server. I could very well
trust my developers, and give them shell accounts, but I can _NOT_ trust
their machines, their network, their personal accountability when they
are 9,000 miles from my location. I have developers all over the world
using my services, all with pserver, because the "risk" (which there is
none) is completely negligible. The risk of giving out hundreds and
thousands of unix accounts, however.. is _HUGE_. No thanks, pserver is
much, much, much more secure for my needs, and the needs of my developers
in this instance.

Also, giving a user a shell, even chrooted, or blocked from the
ability to log in, consumes much more process and resources on the box,
and definitely scales linearly, and is open to much more exploitable
holes than what pserver provides. The risk of sniffing the password is
nil using pserver, since obtaining it gives the "cracker" exactly
nothing. Are they going to commit code on our behalf? Unlikely.
Delete a tag? We can roll back out. It's all negligible.

pserver with strong host-based controls on the open port, using
ACLs provided by cvs, and proper directory and system-level security is
_MUCH_ more secure than opening up a huge, authenticated, valid hole in
your production machine by handing out ssh accounts. For distributed
project development tasks that are being done on the servers, pserver
exceeds. Yes, it's not ideal, but it's better than the other alternatives
I've seen and personally walked right through like water.

Just my 0.02c.