info-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cvspserver (freezing cvs repository to rsync to a remote location)

From: Greg A. Woods
Subject: Re: cvspserver (freezing cvs repository to rsync to a remote location)
Date: Sun, 7 Nov 2004 16:01:15 -0500 (EST) 
[ On Friday, November 5, 2004 at 10:38:17 (-0500), Todd Denniston wrote: ]
> Subject: Re: freezing cvs repository to rsync to a remote location
>
> :ext: with CVS_RSH=rsh ; Although setting up .rhosts weakens your system some,
> at least you might figure out which of your real users need to be taken to
> task, for setting it up too open.

Note that RSH does not necessary weaken anything or make anything more
vulnerable all on its own.  If RSH is used in a private, or "virtual
private", network with securely operated hosts it can be as good, or
better, at providing security as SSH can be.


> Not sure about the kerberos and windows methods.

Using Kerberos to authenticate the remote command invocations needed by
CVS is of course no more secure than the entire Kerberos environment in
which it exists.  That should be obvious of course, but sometimes the
obvious needs stating, especially when discussing computer security
issues.  ;-)

Kerberos is notoriously difficult to get right (both in implementation
and more importantly in configuration and operation), and it always has
one extremely critical single point of failure.

Kerberos done poorly is not much better than just using cvspserver, and
y'all know how much I detest cvspserver, though the vulnerabilities are
different.  :-)

Done right though "kerberized" RSH with encrypted data transfer can be
at least as secure as SSH, and may in fact have much more accountability.

I think only large organizations with a great deal of existing security
infrastructure (both in computing and in the rest of their world) can
truly implement Kerberos in any sufficiently secure manner.  I've seen
it done reasonably well in small and very small groups, but the smaller
the group and the less external security infrastructure it has then the
more vulnerable the Kerberos key server will be.

I don't think it would be wise to try to use Kerberos in any widely
distributed environment either, and it's probably not appropriate for
the kinds of things a group like SourceForge would do even if they had a
good security infrastructure outside their computing environment.

-- 
                                                Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <address@hidden>
Planix, Inc. <address@hidden>          Secrets of the Weird <address@hidden>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]