[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ANN: cvssh - secure ext-to-pserver bridge

From: Paul Sander
Subject: Re: ANN: cvssh - secure ext-to-pserver bridge
Date: Wed, 23 Jan 2002 22:56:35 -0800

>--- Forwarded mail from address@hidden

>[ On Wednesday, January 23, 2002 at 20:02:55 (-0800), Paul Sander wrote: ]
>> Subject: Re: ANN: cvssh - secure ext-to-pserver bridge
>> What I don't understand is why it's necessary to give people accounts on a
>> system in order to permit them to store data on them. 

>Because that's how Unix systems security works.

When someone uses shared accounts, they throw away Unix security.  Maybe
that's your point, but on the other hand Unix security is not needed in
many carefully controlled situations.

For example, if I want to share something on an anonymous FTP server (assuming
such a service is available) and I want to keep my name with my data, I would
use a shared account and store my name with my data, not as an attribute in
the filesystem.  The pserver mode operates in this manner (though its access
allows reading and appending to data rather than reading and replacing data),
and it's adequate for what it was designed for.

True, in this trivial FTP example I could always lie about my identity.  But
more sophisticated applications (like CVS) can easily do their own
authentication and rely their own logic to maintain the integrity of the
data.  The risk is in the security of the communication link and the
authentication on the client side.  And those using pserver mode seem to
think that the risk in using it is acceptable to them.

However, it goes without saying that anyone who uses a shared account on
the server in this (or any) way must have exactly enough access to the server
to do the intended work, no more and no less.  That means that the CVS admin
needs to be aware of the risks and take appropriate care, and the CVS
developers must be diligent in their implementations.

>--- End of forwarded message from address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]