info-cvs
Re: Security, audits and pserver


From: Phil R Lawrence
Subject: Re: Security, audits and pserver
Date: Thu, 12 Dec 2002 14:54:53 -0500
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

CHARLES HART, BLOOMBERG/ 499 PARK wrote:
Um, I'm a newbie at CVS, so I've read more of the documentation than anything
else, but the answers I've seen so far for the security question seem to have
missed one vital point.  People have write access to spots in the repository,
therefore they, just like CVS, can write as they please to the ,v files. That
means that there is no guarantee that the history that is present in the
repository reflects the actual events in history.  This hole, even if it is not
exploited in an organization because everybody is "good", is still a hole, and
won't pass an audit.  What I'll be testing next week, is a CVS server where no
"users" exist in /etc/passwd, and all access rights are granted through pserver
mapping CVS user IDs to security accounts. The admin can still bypass audit
controls, but that's better than having my 1,000 users being enabled to. -CTH

What about this:

1. I set up cvs-admin as a user in /etc/passwd

2. I set up these groups in /etc/group:
cvs-admin
cvs-devel  (all developers are members, this group owns LockDir, etc)
cvs-devel-foo  (no one is a member)
cvs-devel-bar  (no one is a member)
cvs-devel-baz  (no one is a member)

3. Then I make CVSROOT (/usr/local/cvs) look like this:
drwxrwsr-x    3 root          cvs-admin     4096 Dec 12 14:17 .
drwxr-xr-x   15 root          root          4096 Dec 12 13:49 ..
drwxrwsr-x    3 cvs-admin     cvs-admin     4096 Dec 12 14:17 CVSROOT
drwxrwsr-x    3 cvs-admin     cvs-devel-foo 4096 Dec 12 14:17 foo
drwxrwsr-x    3 cvs-admin     cvs-devel-bar 4096 Dec 12 14:17 bar
drwxrwsr-x    3 cvs-admin     cvs-devel-baz 4096 Dec 12 14:17 baz

Then, any user on the system can see the files, but there are no members of cvs-devel-foo, etc., so no one can modify.

Then I set up CVSROOT/passwd to map actual developer ids from /etc/passwd to the cvs-devel-foo groups.

Will cvs then allow the local developers to check-in, out, etc, via the mappings in CVSROOT/passwd, even though I'm not running pserver?


-Phil
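
Added example (not part of the original message, and not CVS code): a Python check for the concern raised in this thread, reporting every directory and ,v file under a repository that someone other than its owner can change directly on disk. It counts users whose primary group in /etc/passwd matches as well as /etc/group members; the function names and the constructed foo/ layout are assumptions for illustration.

```python
import grp
import os
import pwd
import stat
import tempfile


def system_members(gid):
    """Users in a group: /etc/group members plus users whose primary gid matches."""
    names = set()
    try:
        names.update(grp.getgrgid(gid).gr_mem)
    except KeyError:
        pass  # gid has no entry in the group database
    names.update(u.pw_name for u in pwd.getpwall() if u.pw_gid == gid)
    return names


def audit(root, members=system_members):
    """List (path, reason, users) for each directory and ,v file under root
    that can be modified on disk by someone other than its owner."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Directory write permission matters even when the ,v files are
        # read-only: a writer can rename a replacement file over them.
        rcs = [os.path.join(dirpath, f) for f in files if f.endswith(",v")]
        for path in [dirpath] + rcs:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            if st.st_mode & stat.S_IWOTH:
                findings.append((path, "world-writable", set()))
            elif st.st_mode & stat.S_IWGRP and members(st.st_gid):
                findings.append((path, "group-writable", members(st.st_gid)))
    return findings


def demo():
    """Constructed layout modelled on the listing above: foo/ is mode 2775."""
    with tempfile.TemporaryDirectory() as root:
        foo = os.path.join(root, "foo")
        os.mkdir(foo)
        open(os.path.join(foo, "main.c,v"), "w").close()
        os.chmod(os.path.join(foo, "main.c,v"), 0o444)
        os.chmod(foo, 0o2775)
        os.chmod(root, 0o755)
        empty = audit(root, members=lambda gid: set())       # group with no members
        staffed = audit(root, members=lambda gid: {"alice"})  # group with one member
        rel = lambda p: os.path.relpath(p, root)
        return ([rel(p) for p, _, _ in empty],
                [(rel(p), why, sorted(who)) for p, why, who in staffed])
```

Run `audit("/usr/local/cvs")` against a real repository to use the system's own passwd and group databases.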





