info-cvs archive search

261. Re: security question (score: 164)

Author: HIDDEN

Date: 12 Dec 2002 16:55:33 -0500

We run pserver on a machine behind a firewall and access with redirected ports with ssh. Someone posted on this list a cookbook ssh command to do so... ssh address@hidden -L 2401:host.whatever.com:24

/archive/html/info-cvs/2002-12/msg00172.html (5,730 bytes)

262. Re: Security, audits and pserver (score: 265)

Author: HIDDEN

Date: Thu, 12 Dec 2002 16:20:34 -0500 (EST)

No. Only pserver uses CVSROOT/passwd. -Larry Jones I've changed my mind, Hobbes. People are scum. -- Calvin

/archive/html/info-cvs/2002-12/msg00171.html (6,262 bytes)

263. RE: Security, audits and pserver (score: 259)

Author: HIDDEN

Date: Thu, 12 Dec 2002 12:35:33 -0800

Oh, but that's OK - just set the shells for the users to /bin/false - that'll prevent them from logging in with a shell. And isn't there a way to specify a chrooted home directory in /etc/passwd? Can

/archive/html/info-cvs/2002-12/msg00168.html (5,999 bytes)

264. Re: Security, audits and pserver (score: 275)

Author: HIDDEN

Date: Thu, 12 Dec 2002 14:54:53 -0500

CHARLES HART, BLOOMBERG/ 499 PARK wrote: um, I'm a newbie at CVS, so I've read more of the documentation than anything else, but the answers I've seen so far for the security question seem to have mi

/archive/html/info-cvs/2002-12/msg00167.html (8,500 bytes)

265. Re: Security, audits and pserver (score: 259)

Author: HIDDEN

Date: Thu, 12 Dec 2002 09:11:18 -0800

A chroot environment is only good at containing what's inside it. It does not prevent access to the chroot environment from outside. In other words, chroot is fine for containing servers so that they

/archive/html/info-cvs/2002-12/msg00166.html (6,603 bytes)

266. RE: Security, audits and pserver (score: 259)

Author: HIDDEN

Date: Thu, 12 Dec 2002 19:08:52 +0100

This is not necessarily true, as you can use CVS within a chroot'ed environment. In that case you can prevent your users from getting a shell resp. from executing any commands than the few you allow

/archive/html/info-cvs/2002-12/msg00164.html (6,652 bytes)

267. Re: Security, audits and pserver (score: 272)

Author: HIDDEN

Date: Thu, 12 Dec 2002 09:46:08 -0800 (PST)

SSH (at least SSH2) can be configured in such a way that only CVS can be executed with a particular key pair. I think this means that one would need to subvert CVS or SSH in order to manipulate the i

/archive/html/info-cvs/2002-12/msg00163.html (7,104 bytes)

268. Re: Security, audits and pserver (score: 272)

Author: HIDDEN

Date: Thu, 12 Dec 2002 12:33:27 -0500 (EST)

um, I'm a newbie at CVS, so I've read more of the documentation than anything else, but the answers I've seen so far for the security question seem to have missed one vital point. People have write a

/archive/html/info-cvs/2002-12/msg00162.html (5,996 bytes)

269. RE: security question (score: 166)

Author: HIDDEN

Date: Thu, 12 Dec 2002 18:03:49 +0100

dir? I had actually planned to make CVS available via the web to some people, so I tried to find a secure way of doing so. Instead of using pserver, I followed the instructions by Pascal Burguignon[1

/archive/html/info-cvs/2002-12/msg00160.html (5,780 bytes)

270. Re: security question (score: 186)

Author: HIDDEN

Date: Thu, 12 Dec 2002 08:18:49 -0800 (PST)

Don't use pserver if security "is very important". IMHO, pserver is meant to be convenient, not secure. I believe there's an item in the FAQ on setting up SSH. There should also be a FAQ item on usin

/archive/html/info-cvs/2002-12/msg00158.html (6,520 bytes)

271. Re: security question (score: 164)

Author: HIDDEN

Date: Thu, 12 Dec 2002 11:18:33 -0500 (EST)

Forget pserver, use SSH with individual system accounts. Then you can use normal permissions to control access to directories within the repository. People need read access to a directory in order to

/archive/html/info-cvs/2002-12/msg00157.html (5,949 bytes)

272. security question (score: 176)

Author: HIDDEN

Date: Thu, 12 Dec 2002 10:51:37 -0500

OK, I've settled on either importing our entire ERP source with -kb or writing a script to traverse the sourcetree and check in the files intelligently as either binary or text. (anyone already have

/archive/html/info-cvs/2002-12/msg00155.html (6,267 bytes)

273. Re: New member (score: 14)

Author: HIDDEN

Date: Tue, 19 Nov 2002 15:55:18 -0500

Thanks for the info although you quoted me wrong on my second question, your answer made sense. So to be more specific, I will be setting up CVS for a multi platform, multi OS environment where the d

/archive/html/info-cvs/2002-11/msg00233.html (6,270 bytes)

274. RE: New member (score: 9)

Author: HIDDEN

Date: Tue, 19 Nov 2002 15:23:59 -0500

As has been said, ssh rocks. The other part of your question doesn't make a lot of sense, if you think about it. "What's the best language to use, given that I will have an international user bed?"

/archive/html/info-cvs/2002-11/msg00232.html (5,154 bytes)

275. Re: New member (score: 17)

Author: HIDDEN

Date: Tue, 19 Nov 2002 14:58:32 -0500 (EST)

I suggest reading through the manual, if you haven't already: <http://www.cvshome.org/docs/manual/cvs.html> There is no security using pserver. Use the :ext: method with SSH (secure shell) rather tha

/archive/html/info-cvs/2002-11/msg00231.html (5,027 bytes)

276. Re: Newbie question re: ssh (score: 32)

Author: HIDDEN

Date: Tue, 19 Nov 2002 14:00:33 -0500 (EST)

[ On Tuesday, November 19, 2002 at 08:25:45 (-0500), Robert Koster wrote: ] The password encapsulation and obfuscation is really only a small part of the whole transport layer security issue. TCP is

/archive/html/info-cvs/2002-11/msg00230.html (6,003 bytes)

277. New member (score: 9)

Author: HIDDEN

Date: Tue, 19 Nov 2002 13:44:24 -0500

Hi all, I am a new member of the list as well as of CVS. I am reading through the Open source development book and also ordered the Quick reference guide. Do you have any other suggestions for primer

/archive/html/info-cvs/2002-11/msg00229.html (4,949 bytes)

278. Re: Moving to Pserver from .rhosts (score: 107)

Author: HIDDEN

Date: Sun, 17 Nov 2002 01:46:53 +0100

The problem is not to distribute files, nor handing them out over some network, but to track changes made to them and disabling the ability to accidently overwrite what the other person spent his las

/archive/html/info-cvs/2002-11/msg00190.html (7,178 bytes)

279. Re: Moving to Pserver from .rhosts (score: 113)

Author: HIDDEN

Date: Sat, 16 Nov 2002 15:25:47 -0500 (EST)

[ On Saturday, November 16, 2002 at 12:18:19 (+0100), Fredrik Wendt wrote: ] Then why even bother with remote access via CVS? If that one developer wants to work on files on some other host then they

/archive/html/info-cvs/2002-11/msg00188.html (7,502 bytes)

280. Re: Moving to Pserver from .rhosts (score: 113)

Author: HIDDEN

Date: Sat, 16 Nov 2002 12:18:19 +0100

Greg A. Woods wrote, On 2002-11-15 19:40: [ On Friday, November 15, 2002 at 17:08:16 (+0100), Fredrik Wendt wrote: ] It has the advantage of not having the user at the cvs server adding/rewriting fil

/archive/html/info-cvs/2002-11/msg00185.html (7,924 bytes)