info-cvs archive search

361. New version of CVS ACL (permissions) patch - security fix (score: 166)

Author: HIDDEN

Date: Tue, 23 Oct 2001 14:49:14 -0500

I have released a new version of the CVS ACL patch that I maintain to fix a rather stupid security bug. It's on my web page (http://members.home.net/minyard) and it is the "perm13" version. If\ you u

/archive/html/info-cvs/2001-10/msg00871.html (4,615 bytes)

362. Re: CVS Owners / Permissions (score: 9)

Author: HIDDEN

Date: Mon, 22 Oct 2001 11:25:55 -0400 (EDT)

You have to use a CVSROOT/passwd file to map every CVS user to "rcs". See: <http://www.cvshome.org/docs/manual/cvs_2.html#SEC30>. -Larry Jones Wheeee. -- Calvin

/archive/html/info-cvs/2001-10/msg00844.html (4,950 bytes)

363. CVS Owners / Permissions (score: 9)

Author: HIDDEN

Date: Mon, 22 Oct 2001 10:07:01 +0200

I have been using CVS 1.10 for some time, over a number of projects using both CVS and WinCVS clients. Authentication is using pserver; the server is running on a Linux box using inetd, which is conf

/archive/html/info-cvs/2001-10/msg00834.html (5,172 bytes)

364. Re: cvs or rcs permissions in a secure environment (score: 25)

Author: HIDDEN

Date: 15 Oct 2001 21:56:25 -0500

That's a loaded question on this mailing list :-). My answer is (along with just about everyone elses on this list) - Don't use plain pserver if you are at all interested in security. It transmits al

/archive/html/info-cvs/2001-10/msg00681.html (6,650 bytes)

365. RE: CVS behind a firewall. (score: 12)

Author: HIDDEN

Date: Sat, 13 Oct 2001 08:06:50 -0700

This is not a CVS question. This is a firewall administration question. You'll have better luck asking a networking group. Having said that, as a guess you have a far too restrictive firewall. If you

/archive/html/info-cvs/2001-10/msg00605.html (6,301 bytes)

366. CVS and remote SSH access (score: 21)

Author: HIDDEN

Date: Fri, 5 Oct 2001 12:58:11 +0200

hi all, i am sure somebody here will ba able to help me out with my small problem... i seem to have difficulties using cvs through ssh first let me explain my config: - linux-box (mandrake 8.1) with

/archive/html/info-cvs/2001-10/msg00228.html (6,732 bytes)

367. RE: CVS access control (score: 12)

Author: HIDDEN

Date: Thu, 27 Sep 2001 15:23:34 -0400 (EDT)

[ On Thursday, September 27, 2001 at 16:09:27 (+0100), Andrew McGhee wrote: ] Of course SSH tunnelling of pserver is possible. But it's a bad idea. Sure it'll give you encryption, but then you're goi

/archive/html/info-cvs/2001-09/msg00968.html (7,200 bytes)

368. RE: Right Permissons !? (score: 22)

Author: HIDDEN

Date: Thu, 27 Sep 2001 16:18:13 +0100

Yes - I have to agree with the g+s setting being a security concern In fact, we shied away from using it in the end, and went for the ACL patch that allows control from within CVS itself, using pserv

/archive/html/info-cvs/2001-09/msg00942.html (8,346 bytes)

369. RE: CVS access control (score: 31)

Author: HIDDEN

Date: Thu, 27 Sep 2001 16:09:27 +0100

Is this of use to this argument? http://members.home.net/minyard/cvs-thoughts.html We've found Corey's ACL patches work well for what we want - but we still don't have a good "encrypted" connection y

/archive/html/info-cvs/2001-09/msg00940.html (8,859 bytes)

370. Re: CVS access control (score: 25)

Author: HIDDEN

Date: Wed, 26 Sep 2001 21:22:19 -0400 (EDT)

[ On Thursday, September 27, 2001 at 03:04:22 (+0400), Tobias Brox wrote: ] Me too! :-) [[ PLEASE!!!! ]] CVS is not a security tool -- it simply manages a bunch of files. You do not want to even thin

/archive/html/info-cvs/2001-09/msg00913.html (7,646 bytes)

371. Re: CVS access control (score: 26)

Author: HIDDEN

Date: Thu, 27 Sep 2001 03:04:22 +0400

address@hidden - Wed at 04:13:18PM -0400] Ok, I've looked a bit at the documentation - pserver is not at all secure. I'd say it would even be better off without password authentication at all (and us

/archive/html/info-cvs/2001-09/msg00906.html (11,630 bytes)

372. Re: CVS access control (score: 38)

Author: HIDDEN

Date: Wed, 26 Sep 2001 16:13:18 -0400

in not I think you're confusing authorization with authentication. SSH is perfect for authentication. It does not do authorization (short of minimally controlling what set of commands you're allowed

/archive/html/info-cvs/2001-09/msg00901.html (10,905 bytes)

373. Re: CVS access control (score: 20)

Author: HIDDEN

Date: Wed, 26 Sep 2001 13:23:12 -0400

afford I see nothing wrong with SSH. Also, from what I've heard, pserver is not secure. in Exactly, SSH affords better security than pserver. I've tried this (on an experimental basis) and had no pr

/archive/html/info-cvs/2001-09/msg00889.html (8,492 bytes)

374. Re: CVS access control (score: 9)

Author: HIDDEN

Date: Wed, 26 Sep 2001 19:38:24 +0400

address@hidden - Wed at 10:45:50AM -0400] The pserver method is, as for now, the only one that can offer any real access controls. As I understood, cvs users could only access the box in question thr

/archive/html/info-cvs/2001-09/msg00875.html (7,015 bytes)

375. export and toplevel admin (score: 9)

Author: HIDDEN

Date: Mon, 24 Sep 2001 14:07:41 +0200

Hello, we are using cvs pserver 1.11.1p1 on a SUSE Linux server with the alternateinfo patch and lots of windows clients. As we found out the cvs export does not work, if in CVSROOT/config 'TopLevelA

/archive/html/info-cvs/2001-09/msg00744.html (4,622 bytes)

376. Re: Two questions, simple I hope (score: 9)

Author: HIDDEN

Date: 19 Sep 2001 17:47:59 +0100

If WinCVS has a command line interface, would cvs log -d '1 year ago' [file(s)] work? the only thing I can think of is to give the consultant ssh access, and make him use setenv CVS_RSH ssh (or what

/archive/html/info-cvs/2001-09/msg00633.html (5,792 bytes)

377. Re: Security (score: 166)

Author: HIDDEN

Date: Mon, 17 Sep 2001 06:14:15 GMT

You mean NTLM authentication? It's used for things other than SMB. Microsoft Exchange can, for instance, NTLM authenticate with extensions to IMAP for doing so. Microsoft IIS can also force NTLM auth

/archive/html/info-cvs/2001-09/msg00509.html (6,917 bytes)

378. Re: Security (score: 164)

Author: HIDDEN

Date: Mon, 17 Sep 2001 00:58:34 -0400

Harder how? I don't have to decrypt your DES encrypted password. My password isn't DES encrypted. I think you need to re-read the post. I just have to use my hacked cvs client to take your DES encryp

/archive/html/info-cvs/2001-09/msg00505.html (6,842 bytes)

379. Re: Security (score: 161)

Author: HIDDEN

Date: Sun, 16 Sep 2001 21:28:07 -0700

Harder how? I don't have to decrypt your DES encrypted password. I just have to use my hacked cvs client to take your DES encrypted password from the command line and use it directly. It gains nothin

/archive/html/info-cvs/2001-09/msg00501.html (5,483 bytes)

380. Re: Security (score: 161)

Author: HIDDEN

Date: 17 Sep 2001 00:14:01 -0400

so> The method I suggestion is no stronger than pserver is; it simply so> makes it harder for someone to sniff the password off the network so> (which is incredibly easy to do with the current protoc

/archive/html/info-cvs/2001-09/msg00502.html (5,830 bytes)