[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVS woes: .cvspass
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Re: CVS woes: .cvspass
- From: Delian Krustev <krustev@xxxxxxxxxxx>
- Date: Thu, 5 Aug 2004 12:52:10 +0300
On Wednesday 04 August 2004 23:35, Greg A. Woods wrote:
> Nope, sorry, but that's just not possible, at least not with CVS pserver.
What's not possible ? Using IPSEC ?!
> The unix security model, within which CVS is designed and implemented to
> work, _requires_ unique user-IDs for each and every unique human user.
>
> This is in fact a basic, fundamental, requirement of all systems of this
> type.
>
I'm not sure what You mean by "human user". The users in cvs doesn't have
to be mapped to system users(CVSROOT/passwd).
> CVS is not, and cannot be, a security tool so running it as root and
> pretending to have it do all your authentication and authorisation flies
> directly in the face of the underlying system security model and leaves
> you with no real and verifiable accountability whatsoever, and it also
> leaves you open to the possibility of yet another vulnerability vector
> in the form of the unaudited CVS code base. Remember that the vast
> majority of all security incidents originate internally to the
> organisations they affect.
You're right CVS is not a security tool. It's a version control system.
In fact, what You are talking about ? Do You remember what the subject
of the post You're replying to was ?
[snip]
> If you think your network is secure enough courtesy other mechanisms
> then you can use RSH instead of SSH, but DO NOT try to use cvspserver
> for anything but totally anonymous access.
There's a site outhere. It's sf.net . They demonstrate, with the number
of projects being hosted there (with pserver access), You're not right
again.
The cvs server doesn't have to be run as root. IMHO it's pretty bad
idea to run it as root. Furthermore cvs provides several hooks, which
could be utilized if you need control at certain points and over
certain operations. E.g. commiters could be controlled by module and
branch.
About the password scrambling. It's well documented why it's like
that. The scrambling algorithm is also described. And it's all there.
In the manual.
S.O. said that fake security is worse than no security. Password
encryption in .cvspass should be considered "no security".
On the other side, people's stupidity is endless. I won't be surprised
to see private keys posted in a public forum. This, ofcourse, could
be nothing but a reason for admiration.