[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVS & SSL
|
From: |
Greg A. Woods |
|
Subject: |
Re: CVS & SSL |
|
Date: |
Fri, 1 Jun 2001 20:18:05 -0400 (EDT) |
[ On Friday, June 1, 2001 at 15:45:16 (-0400), Derek R. Price wrote: ]
> Subject: Re: CVS & SSL
>
> > Huh? All I've seen are patches to CVS, not a proper stand-alone module!
>
> Perhaps I don't understand. What exactly are you proposing?
If you want to use SSL with CVS then write something that looks, feels,
and tastes, just like SSH or RSH, and that requires the user to point to
it by setting CVS_RSH in their environment and then using "-d :ext:....".
That's stand-alone.
Just as you could hack SSH to listen on the pserver port and use
CVSROOT/passwd (though such a hack would be insecure in that it would
eliminate your ability to hold users accountable), so could you devise
something using SSL to do likewise.
Either way CVS does nothing with security, not even answer calls on the
pserver port; never runs as root; never calls setuid() or friends;
etc.; and thus can never be used to subvert repository security (at
least not so long as it's made plainly clear that without individually
accountable unix IDs there's only a shared account and no
accountability) and indeed.
Obviously access to CVS on the server still ipmlies possible access to
the shell, but since it'll never run as root you can chroot it much more
safely.
Beyond those inherent limitations all praise or blame for remote
security lies solely in the external module.
--
Greg A. Woods
+1 416 218-0098 VE3TCP <address@hidden> <address@hidden>
Planix, Inc. <address@hidden>; Secrets of the Weird <address@hidden>