info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: to stop commit


From: Pierre Asselin
Subject: Re: to stop commit
Date: Sat, 20 Aug 2005 00:49:52 +0000 (UTC)
User-agent: tin/1.6.2-20030910 ("Pabbay") (UNIX) (NetBSD/2.0 (i386))

Mark D. Baushke <address@hidden> wrote:

> Lots of folks are using it. A google search should find a number of
> possible configurations including a chrooted system or a jail.

>   http://www.openbsd.org/anoncvs.html
>   http://reactor-core.org/howto-ssh-anoncvs.html

Thanks.  I'll check the links.

> [ ... ]
> It is even easier than that, setup a anoncvs userid with a shells that
> only runs the execl('/usr/bin/cvs', 'cvs', 'server', NULL) function and
> that allows an empty password.

Which gives everyone the right to run "cvs server" on your machine
and stuff attacks down its stdin.  This as opposed to running "cvs
pserver" on your machine and stuffing attacks down its stdin.  Is it
that much of an improvement?

For authenticated cvs I see how ssh is more secure... because it
just is.  Your users can still attack you if they want, but there
is an audit trail of who connected when.  With anonymous cvs,
whether through ssh or xinetd, it's basically a given that you
allow absolutely anyone to run cvs without a lot of traceability.


> Security of sshd is much higher than security of cvs. The only
> vulnerability will be that of the user/group you provide for the anoncvs
> userid instead of the possibility of 'root' in most :pserver:
> configurations.

Hmmm, I see.  So the risk is an attacker cracking cvs pserver
before it calls setuid() ?


-- 
pa at panix dot com


reply via email to

[Prev in Thread] Current Thread [Next in Thread]