Re: cvs or rcs permissions in a secure environment

From: minyard
Subject: Re: cvs or rcs permissions in a secure environment
Date: 15 Oct 2001 21:56:25 -0500

"Thornton, Marc" <address@hidden> writes:
> Thanks for your insight and it seems it is as I expected.  The one question
> I do have, though, is would using a remote CVS repository (using pserver?)
> make the repository more secure if developers did not have direct access to
> the repository files?  I haven't dug too much into CVS... just wondering if
> it's an option.

That's a loaded question on this mailing list :-).

My answer is (along with just about everyone else's on this list) -
Don't use plain pserver if you are at all interested in security.  It
transmits all passwords and data in plain text over the network, thus
they can easily be sniffed.

Using pserver does help prevent your own users from making dumb
mistakes in the repository.  If that is your only interest, then
pserver makes sense.  However, you get no ACL support at all from
pserver, it's all, read-only, or no access.  Don't even think about
using the setuid capability and running CVS as root.

If you need both, then the answer is more complicated.  I have a patch
that provides per-directory ACLs, pserver access over SSL (which
encrypts all passwords and data), and remote administration
(  I wrote it because I needed it
all.  With my patch, the CVS repository is probably more secure from
"internal" attacks (from your own users) since they don't have direct
access to the machine's filesystem.  It's definitely more resistant to
dumb CVS user mistakes.  However, it will probably not be as secure as
CVS over SSH from "external" attacks.  Plus, when you run with a
semi-non-standard version of something, you have to work harder to
maintain it.  This type of patch is more controversial on this list,
and perhaps rightly so, so please let's not start a big discussion on
this.  But if that's what you need, it's the only answer I know of.

Another thing (again agreed on by most everyone on this list) - HAVE A
Sorry to shout, but it's that important.  Nothing can replace that.
It will save your rear-end some day, I promise.
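
Added example, not part of the original message: one way to find which checked-out working copies still talk to the repository over plain pserver, by reading the access method out of each `CVS/Root` file. The host name, paths and finding texts are constructed for illustration.

```python
import os
import re
import tempfile

# Finding per access method; the pserver wording follows the message above.
FINDINGS = {
    "pserver": "cleartext: passwords and data can be sniffed",
    "ext": "runs over $CVS_RSH; encrypted only when that is ssh",
    "local": "direct filesystem access to the repository",
}

def cvsroot_method(root):
    """Return the access method named in a CVSROOT string."""
    root = root.strip()
    m = re.match(r":([a-z]+)[;:]", root)
    if m:
        return m.group(1)
    # No explicit method: host:/path means ext, a bare path means local.
    return "ext" if re.match(r"[^/:]+:", root) else "local"

def audit_tree(top):
    """Walk working copies under top; return sorted (Root file, method, finding)."""
    results = []
    for dirpath, _dirnames, filenames in os.walk(top):
        if os.path.basename(dirpath) == "CVS" and "Root" in filenames:
            path = os.path.join(dirpath, "Root")
            with open(path) as fh:
                method = cvsroot_method(fh.readline())
            results.append((path, method, FINDINGS.get(method, "review manually")))
    return sorted(results)

def demo():
    # Constructed sample working copies; host and paths are made up.
    samples = {
        "proj_a": ":pserver:dev@cvs.example.com:/cvsroot",
        "proj_b": ":ext:dev@cvs.example.com:/cvsroot",
        "proj_c": "/var/cvsroot",
    }
    with tempfile.TemporaryDirectory() as top:
        for name, root in samples.items():
            os.makedirs(os.path.join(top, name, "CVS"))
            with open(os.path.join(top, name, "CVS", "Root"), "w") as fh:
                fh.write(root + "\n")
        return [(method, finding) for _, method, finding in audit_tree(top)]

if __name__ == "__main__":
    for method, finding in demo():
        print(f"{method:8} {finding}")
```

Point `audit_tree` at a directory of real checkouts to list the ones that need moving to `:ext:` with `CVS_RSH=ssh`.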
