Re: cvs on unix simple security issue

[Todd Denniston]

address@hidden wrote:
> Hello. self proclaimed CVS noob here
>
> we have this repository root located under  /aps/cvs/CVSROOT and we
> maintain software under directories like this
>
> /aps/fire/cobol
> /aps/fire/jcl
> /aps/fire/sql
>
> I've discovered that unix users on the can remove cvs versioning
> formation by simply doing an rm under   /aps/cvs/aps/fire/jcl .. where
> files like mysource,v exist.
>
> However if I attempt to secure those directories, unix users can't
> deploy to the repository.
>
> Is there any way to secure the directories with the ",v" files  while
> allowing unix users (developers) to deploy? Don't they need write to
> those directories?
>
> Thanks for any help or information.

0) get a good backup system implemented.
1) Have some one Write down the policy and get management approval for it,
        a) to remove software from a checkout do a
                `cvs rm file`; `cvs commit`
        b) anyone who, is not authorized, does a Unix rm|mv inside
                of the cvs repository will be disciplined appropriately.
        c) discipline sessions will continue until
                company property stops disappearing from the
                cvs repository.
2) Inform the developers of the policy.
3) have management implement the policy.
4) change from the current method of accessing the cvs server to ssh and limit 
the commands the user execute from the ssh session to CVS (search the web, 
others have done this and documented the procedure). Now you have 
authenticated and tracked logins that can be audited.
5) make sure the only way someone can log into the cvs server is with ssh.

pserver is most likely NOT your friend if you already have developers being 
destructive in the repository.

--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter