On Wed, Aug 09, 2000 at 12:57:17PM -0400, Greg A. Woods wrote:
> [ On Wednesday, August 9, 2000 at 11:54:33 (-0400), Justin Wells wrote: ]
> > Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
> >
> > Is it as easy for a WinCVS user to set up ssh as it is to set up pserver?
> >
> > No.
>
> Contrary to your claims it's not hard at all to use SSH with WinCVS.
> Read the SourceForge documentation for an extremely lucid and accurate
> description of the step-by-step instructions on how to do it.
Is it as easy for a WinCVS user to set up ssh as it is to set up pserver?
The answer is still NO. You have to install lots of extra software in
very specific ways and set up some weirdly configured stuff. Talk to me
again when the configuration is built into WinCVS.
> You cannot fix it -- you're addressing the wrong problem and you are
> giving people a false sense of security and as such *YOU* are actually
> making them more vulnerable as a result!
So you say, but under careful analysis your position doesn't hold up. We
went through every risk I might possibly face and I showed you in every case
that the risk was acceptable. I'm sure there are other people in the same
situation as I am.
> However if I
> were to solicit services from more anonymous volunteers I would move
> that server onto a machine where I would not risk things that I could
> not trust such volunteers to avoid messing with. Other than that though
> I'd still require SSH for commit access and I'd still do independent
> mechanical audits of all changes.
But, in that case, what have you gained beyond a secure pserver? An
attacker can get an account easily enough just for asking, so they really
don't need to attack the transport layer to discover passwords.
At that point your default ssh solution is FAR less secure than my
chrooted pserver--because your default ssh solution is not chrooted
and therefore provides potential attackers with a full shell on your box.
Sure, you could chroot your ssh setup too.. but you have always argued
vigorously against using chroot.
If I move to ssh, I will definately still be using chroot. Even on a
box where there's nothing else important there is no justification for
giving away full fledged shells to people who don't need them.
Justin
