[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Security, audits and pserver

From: Walter, Jan
Subject: RE: Security, audits and pserver
Date: Mon, 16 Dec 2002 17:16:41 +0100

That's why you would tunnel it over ssh or something like that, with limited
key access. People you trust get the key, and their key gets kept on the
server. Definitely, a wide-open pserver connection is just an invitation to
get cracked.


> -----Original Message-----
> From: address@hidden [mailto:address@hidden 
> Sent: Monday, December 16, 2002 5:13 PM
> To: address@hidden
> Cc: address@hidden
> Subject: Re: Security, audits and pserver
> Walter, Jan writes:
> > 
> > Personally I tend to believe that giving people any sort of local 
> > access (even in a chrooted environment for the user for 
> instance) is 
> > more of a security risk than allowing pserver access over ssl/ssh, 
> > with the limited number of users having the key needed to connect 
> > (i.e. Auto-key negotiation disabled and so on). This limits the 
> > exposure of pserver to people already having the public key of the 
> > server (and their public key registered there).
> Note that giving anyone pserver access to a machine is 
> equivalent to giving them local shell access -- there are 
> fairly simple tricks that can be used to execute arbitrary 
> code on the server.  CVS was not designed as a security 
> application, it was designed as a collaboration application 
> for cooperative users.
> -Larry Jones
> Let's just sit here a moment... and savor the impending 
> terror. -- Calvin

reply via email to

[Prev in Thread] Current Thread [Next in Thread]