|From:||M . E . O'Neill|
|Subject:||Re: Patch: Add support for CVS_USER environment variable|
|Date:||Wed, 25 Feb 2004 22:53:02 -0800|
Derek Price wrote:
If your script is so cunning, why can't it setuid to the username in question after authentication?
Because those usernames doesn't have access to the repository -- only one user has access. If it did, they could just do local commits without any trickery. In general, running cvs setuid is a recipe for trouble.
I use it to run a submission system for student pair programming. The repository is owned by the grader account. Students need access, but shouldn't see the repository of other students. Classic solutions (like using groups) don't work, because the grader account would have to be in too many groups.
I am afraid that you may be right, however. I can't think of a good way to exploit your suggestion if it only works with `cvs server'. Of course, your patch doesn't implement this and would need documentation and test cases to be accepted. Please see the HACKING file in the top level of the CVS source distribution for more.
If you don't want to accept the patch, it's not a huge loss to me. Sending in a patch costs me almost nothing, and it's trivial enough that keeping it up to date is easy. And, as I said, I found the basic essence of the patch on the 'net anyway, see for example:
But, that said, rejecting the patch on the grounds that it allows people to cheat will leave me a little concerned that the maintainers of CVS have some rather strange notions when it comes to security aspects of the software they maintain, and that's rather worrisome.
|[Prev in Thread]||Current Thread||[Next in Thread]|