[ On Monday, August 7, 2000 at 23:14:36 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> If that's all you want to accomplish it wouldn't be much work to move the
> pserver code out of CVS into a binary called pserver which performs an
> exec() after reading the authorization block. Isn't this what nserver does?
> 
> I think that's a good idea. Less code to audit.  

Hmmm... yeah, and guess what SSH does too!

> By the way, I looked over the pserver code and found potential stack 
> overflows only in the getline() code, and then only if there is some 
> error reading from the stream. I patched my copy of pserver so that if 
> there is an error reading the stream during the authentication process
> it immediately calls exit(0), removing the potential overflow problem. 
> 
> There's not THAT much code to audit once my patch is applied:

You don't seem to understand -- *ALL* of the code in the process is
subject to attack while it is running, and indeed some systems even make
it possible for that other code to regain privileges once held by the
process.

The only secure solution is to never allow CVS to execute as root.  Period.

-- 
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <[EMAIL PROTECTED]>      <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
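
The point made in the reply above (that every line of code in a root process is exposed, and that on some systems the process can get root back after supposedly giving it up) is the classic seteuid-versus-setuid trap: seteuid() leaves the saved set-user-id at 0, so any later overflow can seteuid(0) and be root again. Below is an added example, written for this page and not taken from CVS, cvs-nserver or any code in the thread, of the "read the authorization block, drop privileges for good, then exec()" pattern the thread discusses. It drops to a caller-supplied uid/gid with setuid()/setgid(), verifies that all three ids changed and that a subsequent setuid(0)/seteuid(0) fails, and only then exec()s. The path /usr/bin/id and the idea of taking uid/gid from the command line are assumptions for the demonstration; a real server would take them from its user database after authenticating.

```c
#define _DEFAULT_SOURCE 1   /* glibc: expose setgroups() in <grp.h> */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently drop to uid/gid and verify that root cannot be regained.
 * Returns 0 on success, -1 with errno set on any failure, including the
 * case where the process could still become root again.
 */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    if (uid == 0) {                     /* "dropping" to root is not a drop */
        errno = EINVAL;
        return -1;
    }

    /* Supplementary groups are inherited from the invoker; only a
     * privileged process may change them, so reset them only when root. */
    if (geteuid() == 0 && setgroups(1, &gid) == -1)
        return -1;

    /* Group first: once the uid is gone, setgid() to another gid fails. */
    if (setgid(gid) == -1)
        return -1;

    /* setuid(), not seteuid(): for a privileged caller it sets the real,
     * effective AND saved uid, so there is no root id left to switch back
     * to. seteuid() would leave the saved uid at 0 for exploit code to use. */
    if (setuid(uid) == -1)
        return -1;

    /* Verify the ids actually changed ... */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    /* ... and that every route back to root is closed. */
    if (setuid(0) == 0 || seteuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/*
 * The pattern from the thread: after the authorization block has been
 * read and checked (not shown here), drop privileges and exec the real
 * program. Nothing after the drop ever runs as root, so an overflow in
 * the exec'd code is confined to the unprivileged account.
 */
int exec_unprivileged(const char *path, char *const argv[],
                      uid_t uid, gid_t gid)
{
    if (drop_privileges_permanently(uid, gid) == -1)
        return -1;
    execv(path, argv);          /* only returns on failure */
    return -1;
}

/* Demonstration: drop to the uid/gid given on the command line, then run
 * /usr/bin/id (assumed path) so the resulting credentials are visible.
 * Run as root with e.g. "./drop 65534 65534"; as a non-root user it can
 * only succeed when given the caller's own uid and gid. */
int main(int argc, char *argv[])
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s uid gid\n", argv[0]);
        return 2;
    }
    uid_t uid = (uid_t)strtoul(argv[1], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[2], NULL, 10);
    char *const id_argv[] = { "id", NULL };

    if (exec_unprivileged("/usr/bin/id", id_argv, uid, gid) == -1) {
        perror("exec_unprivileged");
        return 1;
    }
    return 0;   /* not reached: execv() replaced the process image */
}
```

The order matters: groups, then gid, then uid, because each later step needs the privilege the earlier one would have thrown away. The verification step after the drop is the part most code omits; it is what turns "we called setuid()" into "there is no privilege left in this process to steal".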
