Re: autentication

[Greg A. Woods]

[ On Wednesday, October 27, 2004 at 09:19:07 (+1000), Carl Brewer wrote: ]
> Subject: Re: autentication
>
> Not needing to set up user accounts for people using CVS is my reason
> for using it, same as for why we use Cyrus imap - we don't
> want to give out shell accounts unless we absolutely have to,
> and ways to restrict shell users are buggy, insecure and inconsistant
> across platforms.
> 
> It's not a case of overworked as such*, but not being generous with
> permissions that not necessarily trusted users need.

Well if it's not overwork then it's ignorance (of how computing systems
security works).

Sorry, but that's the _only_ way it is.

If you're going to trust users with access to your CVS repository then
you really _must_ give them unique system-level identities.

Otherwise you may as well completely forget pretending to give them
different fake application-level identities in CVS alone since doing so
gives you absolutely no (security) advantage.

If you want any degree of true security and accountability then you
_MUST_ instantiate your user-IDs at the system level.  Attempting to do
anything else in any current common POSIX-like environment is a direct
violation of the system security model you're basing your whole house of
cards upon.

The whole premise of having a trusted multi-user computing base is to
have some way of _uniquely_ representing _individual_ humans and their
actions within that system.

If you're worried about shell users on your CVS repo host getting access
to something they're not supposed to then you've not correctly
partitioned your security domains in the first place.

-- 
                                                Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <address@hidden>
Planix, Inc. <address@hidden>          Secrets of the Weird <address@hidden>