I've patched CVS 1.10.8 so that it supports a new command line option:
cvs --chroot /some/chroot/root/
The patch is attached to this email. I hereby grant permission to everyone
in the entire world to use this patch in whatever way they like for whatever
purpose they like. I assign copyri
On Friday, August 4, Justin Wells wrote:
>
> The patch is attached to this email. I hereby grant permission to everyone
> in the entire world to use this patch in whatever way they like for whatever
> purpose they like. I assign copyright to it to the Free Software Foundation.
Why not just say "
Justin Wells writes:
>
> I've patched CVS 1.10.8 so that it supports a new command line option:
>
> cvs --chroot /some/chroot/root/
Why do you want to add a command line option to CVS rather than just
using /usr/sbin/chroot in inetd.conf to run CVS?
-Larry Jones
Good gravy, whose side
> I've patched CVS 1.10.8 so that it supports a new command line option:
>
> cvs --chroot /some/chroot/root/
Wouldn't it be easier to just run
chroot /some/chroot/root cvs
out of [x]inetd? Doing this also avoids the concern about "did I do the
chroot soon enough" which could
On Fri, Aug 04, 2000 at 01:11:19PM -0400, Larry Jones wrote:
> Justin Wells writes:
> >
> > I've patched CVS 1.10.8 so that it supports a new command line option:
> >
> > cvs --chroot /some/chroot/root/
>
> Why do you want to add a command line option to CVS rather than just
> using /usr
On Fri, Aug 04, 2000 at 02:35:36PM -0400, Rich Salz wrote:
> I know you can say the same thing about my getpid/putenv patch. I'd
> consider that slightly different since that also works for non-pserver.
> But I do think it's an issue for us to consider: when to patch main()
> and when to write
On Fri, Aug 04, 2000 at 11:06:23AM -0600, Tobias Weingartner wrote:
> Why not just say "This patch is in the public domain, no warranty/etc". Why
> assign copyright to the FSF? They tend to want things to be under the GPL.
Because CVS itself is under the GPL, and this mailing list is @gnu.org,
Justin Wells writes:
>
> 1) before you chroot you have to chdir, so it would actually require a
>shell script. otherwise on many unixes there is a chdir hack that
>allows you to break out of the chroot.
So? Many of us end up running a shell script anyway for other reasons.
It's not t
On Fri, Aug 04, 2000 at 02:47:45PM -0400, Justin Wells wrote:
> I have a wrapper which does a chroot followed by a setuid/setgid and then
> runs CVS. Then I had to patch CVS so that it wouldn't try the setuid/segid
> on itself. Otherwise there is no guarantee CVS will drop root permissions
> and
On Fri, Aug 04, 2000 at 02:52:30PM -0400, Larry Jones wrote:
> > 2) cvs pserver needs to run as root long enough to setuid/setgid, and i
> >wanted to add a line of code ensuring that that really happened. if
> >for some reason the setuid/setgid doesn't happen, and cvs is left
> >run
[ On Friday, August 4, 2000 at 15:10:14 (-0400), Justin Wells wrote: ]
> Subject: Re: patch to make CVS chroot
>
> The principle is security: I absolutely do not under any circumstances in
> any possible universe under any condition want someone accessing the root
> user id thro
On Fri, Aug 04, 2000 at 09:29:06PM -0400, Greg A. Woods wrote:
> The only 100% guaranteed way to be sure of this is to *NEVER* run CVS as
> root, not ever, not for one CPU cycle, period!
Yes that's true. However:
> You could, if you really insist on using the inherently broken concept
> of cvsps
On Saturday, August 5, Justin Wells wrote:
>
> I can't do that because I need to control access to portions of the
> repository using groups. I wish CVS had this capacity internally but
> it doesn't--I have to rely on Unix groups and that means I have to
> run CVS as root.
Huh!?! CVS does n
On Sat, Aug 05, 2000 at 01:50:47AM -0600, Tobias Weingartner wrote:
> Huh!?! CVS does not need to run as root to get the "unix groups"
> benefit. You simply have to create accounts on the machine, and
> use something like the ssh transport in order to correctly utilize
> this feature. Been th
[ On Saturday, August 5, 2000 at 01:20:35 (-0400), Justin Wells wrote: ]
> Subject: Re: patch to make CVS chroot
>
> I can't do that because I need to control access to portions of the
> repository using groups. I wish CVS had this capacity internally but
> it doesn'
On Sat, Aug 05, 2000 at 02:32:53PM -0400, Greg A. Woods wrote:
> Excuse me? If you just run CVS as normal *REAL* users then you can have
> all the benefits of unix groups!
Sorry, I can't do that. It's not possible.
> Please do not try to resolve inconsistencies in your own requirements by
> m
> "JW" == Justin Wells <[EMAIL PROTECTED]> writes:
JW> What CVS really needs is an external module which handles
JW> authentication, has support for ssl, performs the chroot/setgid on auth
JW> and then invokes the ordinary cvs to do the processing, and is short
JW> enough that it can be effec
That looks like a really good idea.
Justin
On Sat, Aug 05, 2000 at 01:49:10PM +0400, Alexey Mahotkin wrote:
> > "JW" == Justin Wells <[EMAIL PROTECTED]> writes:
>
> JW> What CVS really needs is an external module which handles
> JW> authentication, has support for ssl, performs the chroot/
> "TW" == Tobias Weingartner <[EMAIL PROTECTED]> writes:
>> Unfortunately the way Unix is written there is no other way to gain
>> access to setgid. If there were, my problem would be solved. If CVS had
>> some other kind of group access control technology in it that would also
>> solve my pr
> "LJ" == Larry Jones <[EMAIL PROTECTED]> writes:
>> I've patched CVS 1.10.8 so that it supports a new command line option:
>>
>> cvs --chroot /some/chroot/root/
LJ> Why do you want to add a command line option to CVS rather than just
LJ> using /usr/sbin/chroot in inetd.conf to run CVS?
B
[ On Saturday, August 5, 2000 at 15:49:21 (-0400), Justin Wells wrote: ]
> Subject: Re: patch to make CVS chroot
>
> > WinCVS works very well with SSH on NT -- I've no experience with Win9x,
>
> It most certainly does not!
It does. Even I could make it work with a ver
[ On Sunday, August 6, 2000 at 00:45:37 (-0400), Justin Wells wrote: ]
> Subject: Re: patch to make CVS chroot
>
> That looks like a really good idea.
Be warned that if used in the scenario where it provides "virtual
repositories" it suffers the exact same design flaws (a
[ On , August 6, 2000 at 11:21:35 (+0400), Alexey Mahotkin wrote: ]
> Subject: Re: patch to make CVS chroot
>
> Because single cvspserver can serve several repositories.
Not securely it cannot! ;-)
--
Greg A. Woods
+1 416
[ On , August 6, 2000 at 11:12:01 (+0400), Alexey Mahotkin wrote: ]
> Subject: Re: patch to make CVS chroot
>
> Because when you are sourceforge.net and there are several (tens) thousands
> of developers, things change it seems to me.
My meager little tiny systems can support milli
On Sun, Aug 06, 2000 at 12:54:09PM -0400, Greg A. Woods wrote:
> Something that's been proven to work in production in professional
> software development shops around the worls obviously isn't ``vapourware''!
Take off the "professional software development shop" training wheels and
try to solve
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Greg A. Woods) writes:
> See the recent thread on BUGTRAQ where someone "exposed" the
> insecurities of cvspserver.
No. That's *not* cvspserver problem.
First half is a general server problem not restricted to cvspserver
and last half is cli
[ On , August 7, 2000 at 03:51:42 (+0900), Tanaka Akira wrote: ]
> Subject: Re: patch to make CVS chroot
>
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (Greg A. Woods) writes:
>
> > See the recent thread on BUGTRAQ where someone "exposed" the
&g
On Sun, Aug 06, 2000 at 07:53:43PM -0400, Greg A. Woods wrote:
> Yes, it is a cvspserver problem, and *only* a cvspserver problem. The
> number and consequences of bugs in any version of CVS not using
> cvspserver are totally irrelevant from a security point of view because
> the only way they c
[ On Monday, August 7, 2000 at 01:59:50 (-0400), Justin Wells wrote: ]
> Subject: Re: patch to make CVS chroot
>
> Your assumption that everyone who is authorized to access CVS is
> trusted in general is FLAWED.
BTW, that's not my assumption -- that's a consequence of th
[EMAIL PROTECTED] (Greg A. Woods) writes:
> If I had any say in sourceforge I'd encourage them to move read-only
> anonymous access over to a separate non-trusted system that cannot write
> to the live repositories (they could do this either with NFS and a
> couple of tiny hacks, or with regular
[ On , August 9, 2000 at 23:25:59 (+0100), James Youngman wrote: ]
> Subject: Re: patch to make CVS chroot
>
> [EMAIL PROTECTED] (Greg A. Woods) writes:
>
> > If I had any say in sourceforge I'd encourage them to move read-only
> > anonymous access over to a sep
Greg A. Woods <[EMAIL PROTECTED]> wrote:
> It's best to assume that shell access is possible even while you do
> everything you can to mitigate the risks that such access might pose.
So wouldn't this make the chroot strategy a good thing?
[ On Thursday, August 10, 2000 at 16:15:36 (+0800), Mark Harrison wrote: ]
> Subject: Re: patch to make CVS chroot
>
> Greg A. Woods <[EMAIL PROTECTED]> wrote:
> > It's best to assume that shell access is possible even while you do
> > everything you can to mit
On Thu, Aug 10, 2000 at 12:56:24PM -0400, Greg A. Woods wrote:
> Not necessarily. It has been independently shown many times that it is
> very difficult to correctly configure a safe chroot environment for
> anything but the most trivially simple uses.
It's not difficult. There are only a few th
[ On Thursday, August 10, 2000 at 22:39:21 (-0400), Justin Wells wrote: ]
> Subject: Re: patch to make CVS chroot
>
> On Thu, Aug 10, 2000 at 12:56:24PM -0400, Greg A. Woods wrote:
> > Not necessarily. It has been independently shown many times that it is
> > very d
> "GAW" == Greg A Woods <[EMAIL PROTECTED]> writes:
>> http://alexm.here.ru/cvs-nserver/
>> That looks like a really good idea.
GAW> Be warned that if used in the scenario where it provides "virtual
GAW> repositories" it suffers the exact same design flaws (and is thus
GAW> at least equally
The --chroot flag also significantly reduces the risk here as well. Only
those executables you place into the chroot area are available for use. If
you don't need scripts in your CVS installation you could also do without
having any binaries at all--you could even place the chroot root in on
a m
[ On Monday, August 7, 2000 at 00:09:47 (+0400), Alexey Mahotkin wrote: ]
> Subject: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> GAW> See the recent thread on BUGTRAQ where someone "exposed" the
> GAW> insecurities of cvspserver.
>
>
[ On Sunday, August 6, 2000 at 18:47:33 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
>
> The --chroot flag also significantly reduces the risk here as well. Only
> those executables you place into the
On Sun, Aug 06, 2000 at 07:37:56PM -0400, Greg A. Woods wrote:
> If someone breaks your hacked chroot patch they will, by your design,
> have superuser privileges, at which point chroot is meaningless because
> anyone capable of doing the first crack will snuff your chroot in mere
> seconds and yo
On Sun, Aug 06, 2000 at 07:11:07PM -0400, Greg A. Woods wrote:
> No, the flaw in cvspserver is that it effectively merges the identities
> of all unique users into one system level identity.
Uhh.. no. Read up on pserver. It performs a setuid/setgid to the user id
of the user logging in to it.
> "JW" == Justin Wells <[EMAIL PROTECTED]> writes:
>> need for cvs-nserver in the first place so far as I can see (because it
>> means all you're really doing is re-inventing SSH or SSL or SRP, etc.).
JW> I thought nserver was implemented on top of SSL. But what do I know,
JW> maybe it isn't
[ On Sunday, August 6, 2000 at 22:27:22 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> On Sun, Aug 06, 2000 at 07:37:56PM -0400, Greg A. Woods wrote:
> > If someone breaks your hacked chroot patch they will,
[ On Sunday, August 6, 2000 at 22:35:33 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> It's also not coincidental that pserver performs the authentication
> separately and then hands control down to the lo
On Mon, Aug 07, 2000 at 02:14:24PM -0400, Greg A. Woods wrote:
> [ On Sunday, August 6, 2000 at 22:35:33 (-0400), Justin Wells wrote: ]
> > Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
> >
> > It's also not coincidental that pserver p
On Mon, Aug 07, 2000 at 02:11:13PM -0400, Greg A. Woods wrote:
> The *ONLY* secure way to use cvspserver is to rip out the current crap
> in the implementation that requires it to run as root and then to run it
> only as a non-privileged unique user-id which is given permission to
> read (and onl
[EMAIL PROTECTED] on 2000.08.08 02:14:08
>So, if I do that, how do I get access control lists? Currently the only
>reason why I have to run pserver as root is so that I can hand out
>write access to my repository on a module by module basis. Core
>developers get to write to every module, but s
[ On Monday, August 7, 2000 at 23:14:36 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> If that's all you want to accomplish it wouldn't be much work to move the
> pserver code out of CVS into a binar
[ On Tuesday, August 8, 2000 at 02:14:08 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> So, if I do that, how do I get access control lists? Currently the only
> reason why I have to run pserver as root is so tha
On Tuesday, August 08, 2000 6:14 PM, Justin Wells [SMTP:[EMAIL PROTECTED]]
wrote:
> On Mon, Aug 07, 2000 at 02:11:13PM -0400, Greg A. Woods wrote:
>
> > The *ONLY* secure way to use cvspserver is to rip out the current crap
> > in the implementation that requires it to run as root and then to run
Greg A. Woods <[EMAIL PROTECTED]> wrote:
> In fact you can get more powerful ACLs than unix normally offers by
> default by simply switching to a type of Unix system that offers more
> powerful ACLs. These types of systems are not rare and are available
> specifically because there are indeed val
On Tue, Aug 08, 2000 at 02:53:30PM -0400, Greg A. Woods wrote:
> [ On Monday, August 7, 2000 at 23:14:36 (-0400), Justin Wells wrote: ]
> > Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
> >
> > If that's all you want to accomplish i
On Tue, Aug 08, 2000 at 03:03:05PM -0400, Greg A. Woods wrote:
> > What's special about me is that all of the data on the box and in the
> > repository has already been published to the whole world. There is no
> > sensitive information there, nor even on any other machine connected
> > to the
On Wednesday, August 9, Justin Wells wrote:
>
> Wrong. I run a public CVS archive. People are always examining the diffs
> and would notice right away. Same is true for any free/open software project,
> you just don't get it, that's all.
It is still entirely possible to do. I've seen this done,
advisory (Was: patch to make CVS
chroot)
Greg A. Woods <[EMAIL PROTECTED]> wrote:
> In fact you can get more powerful ACLs than unix normally offers by
> default by simply switching to a type of Unix system that offers more
> powerful ACLs. These types of systems are not rare an
[EMAIL PROTECTED] on 2000.08.09 03:37:01
>In other words, why was pserver invented? Because *CVS clients did not
>wish to implement the rsh protocol? Or because the rsh protocol was usually
>blocked by various firewalls? Wow, so we (or someone) implemented one of
>the worst protocols *ever*
[EMAIL PROTECTED] on 2000.08.09 00:25:31
>On Tue, Aug 08, 2000 at 02:53:30PM -0400, Greg A. Woods wrote:
>> [ On Monday, August 7, 2000 at 23:14:36 (-0400), Justin Wells wrote: ]
>> > Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS
chroot)
>>
On Wed, Aug 09, 2000 at 01:37:01AM -0600, Tobias Weingartner wrote:
> > > Any sufficiently powerful language is effectivley Turing Complete --
> > > i.e. will allow the cracker to do dangerous things.
> >
> > This sounds clever, but everything it says is wrong: there are turning
> > complete lan
On Wed, Aug 09, 2000 at 08:51:11AM -0400, Noel L Yap wrote:
> >Unless you're talking about recent versions of Linux, FreeBSD, or Solaris
> >I really don't give a damn. Add some documentation warning people of the
> >risk. I don't subscribe to your philosophy that all humans are morons and
> >can'
[ On Wednesday, August 9, 2000 at 00:31:01 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> Wrong. I run a public CVS archive. People are always examining the diffs
> and would notice right away. Same is true for a
[ On Wednesday, August 9, 2000 at 12:03:02 (+0800), Mark Harrison wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> Greg A. Woods <[EMAIL PROTECTED]> wrote:
> > In fact you can get more powerful ACLs than unix normally offers by
[ On Wednesday, August 9, 2000 at 01:37:01 (-0600), Tobias Weingartner wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> I'm a hardliner, and am going to say "down with inferior protocols". May
> they die a quick, and pai
:29AM -0400, Greg A. Woods wrote:
> [ On Wednesday, August 9, 2000 at 00:31:01 (-0400), Justin Wells wrote: ]
> > Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
> >
> > Wrong. I run a public CVS archive. People are always examining the diffs
On Wed, Aug 09, 2000 at 10:53:10AM -0400, Greg A. Woods wrote:
> I.e. Justin: Please do not continue to publicly promote your patch --
> it is not an improvement in security and continued promotion will give
> CVS users a false sense of security. In fact I will continue to
> strongly suggest th
[EMAIL PROTECTED] on 2000.08.09 10:22:00
>The trick is to use them correctly, just as you would have to use
>permissions and ownerships correctly without full ACLs. Any kind of
>access control mechanism, be it traditional unix-style permissions, or
>full ACLs, will only have the desired effec
[ On Wednesday, August 9, 2000 at 11:54:33 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> Is it as easy for a WinCVS user to set up ssh as it is to set up pserver?
>
> No.
Contrary to your claims it's no
[ On Wednesday, August 9, 2000 at 10:23:22 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> But right now it's not a choice, and I want pserver to be as secure
> as it can be while I wait for the clients to c
On Wed, Aug 09, 2000 at 11:54:33AM -0400, Justin Wells wrote:
> Is it as easy for a WinCVS user to set up ssh as it is to set up pserver?
Yes.
mrc
--
Mike Castle Life is like a clock: You can work constantly
[EMAIL PROTECTED] and be right all the time, or not work at all
www.ne
On Wednesday, August 9, Justin Wells wrote:
>
> ssh CVS is just as vulnerable though. Just because I gave someone a write
> password doesn't mean that they are going to be trustworthy.
Right there you are contradicting yourself. If you *give* someone a means
to make changes, that implies that y
> There is no
> excuse for not using strong cryptographic security with CVS. There is
> no excuse for building orthogonal protection mechanisms into any
> application, and most especially not one that offers public network
> services!
Except that doing it right is not the trivial job that you ha
[ On Wednesday, August 9, 2000 at 11:51:34 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
>
> ssh CVS is just as vulnerable though. Just because I gave someone a write
> password doesn't mean that
On Wed, Aug 09, 2000 at 12:57:17PM -0400, Greg A. Woods wrote:
> [ On Wednesday, August 9, 2000 at 11:54:33 (-0400), Justin Wells wrote: ]
> > Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
> >
> > Is it as easy for a WinCVS user to set up s
On Wed, Aug 09, 2000 at 12:06:53PM -0500, Mike Castle wrote:
> On Wed, Aug 09, 2000 at 11:54:33AM -0400, Justin Wells wrote:
> > Is it as easy for a WinCVS user to set up ssh as it is to set up pserver?
>
> Yes.
No it isn't. You can use pserver with WinCVS directly by configuring WinCVS
with no
On Wed, Aug 09, 2000 at 11:27:30AM -0600, Tobias Weingartner wrote:
> On Wednesday, August 9, Justin Wells wrote:
> >
> > ssh CVS is just as vulnerable though. Just because I gave someone a write
> > password doesn't mean that they are going to be trustworthy.
>
> Right there you are contradicti
On Wed, Aug 09, 2000 at 02:12:50PM -0400, Greg A. Woods wrote:
> [ On Wednesday, August 9, 2000 at 11:51:34 (-0400), Justin Wells wrote: ]
> If you grant trust to an untrustworthy party then that's got nothing to
> do with SSH or CVS!
That's your professional software shop training wheels speakin
[ On Wednesday, August 9, 2000 at 14:41:15 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> That's your professional software shop training wheels speaking. In the
> real world I don't really know these pe
[EMAIL PROTECTED] on 2000.08.09 14:38:14
>Someone might lie to me to get write access and then attack my box. Under
>my solution they don't get very far because they don't have a general
>shell: they're contained to changing the CVS repository, which I can
>quite easily detect by examining the
[EMAIL PROTECTED] on 2000.08.09 14:41:15
>On Wed, Aug 09, 2000 at 02:12:50PM -0400, Greg A. Woods wrote:
>> [ On Wednesday, August 9, 2000 at 11:51:34 (-0400), Justin Wells wrote: ]
>> If you grant trust to an untrustworthy party then that's got nothing to
>> do with SSH or CVS!
>
>That's your
On Wed, Aug 09, 2000 at 02:34:02PM -0400, Justin Wells wrote:
> On Wed, Aug 09, 2000 at 12:06:53PM -0500, Mike Castle wrote:
> > On Wed, Aug 09, 2000 at 11:54:33AM -0400, Justin Wells wrote:
> > > Is it as easy for a WinCVS user to set up ssh as it is to set up pserver?
> >
> > Yes.
>
> No it is
[ On Wednesday, August 9, 2000 at 14:32:47 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> Is it as easy for a WinCVS user to set up ssh as it is to set up pserver?
It should be -- if they don't already have
[ On Wednesday, August 9, 2000 at 13:52:05 (-0400), Rich Salz wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> Except that doing it right is not the trivial job that you have
> repeatedly said it is. CVS requires the local operating
On Wednesday, August 9, Justin Wells wrote:
>
> If I move to ssh, I will definately still be using chroot. Even on a
> box where there's nothing else important there is no justification for
> giving away full fledged shells to people who don't need them.
Have a look at anoncvssh, with a rough
Mike Castle wrote:
>
> On Wed, Aug 09, 2000 at 02:34:02PM -0400, Justin Wells wrote:
> > On Wed, Aug 09, 2000 at 12:06:53PM -0500, Mike Castle wrote:
> > > On Wed, Aug 09, 2000 at 11:54:33AM -0400, Justin Wells wrote:
> > > > Is it as easy for a WinCVS user to set up ssh as it is to set up pserve
On Wednesday, August 9, Justin Wells wrote:
> On Wed, Aug 09, 2000 at 02:12:50PM -0400, Greg A. Woods wrote:
> > [ On Wednesday, August 9, 2000 at 11:51:34 (-0400), Justin Wells wrote: ]
> > If you grant trust to an untrustworthy party then that's got nothing to
> > do with SSH or CVS!
>
> That's
Tobias Weingartner wrote:
> On Wednesday, August 9, Justin Wells wrote:
> >
> > If I move to ssh, I will definately still be using chroot. Even on a
> > box where there's nothing else important there is no justification for
> > giving away full fledged shells to people who don't need them.
>
> Ha
On Wed, Aug 09, 2000 at 04:33:08PM -0400, Noel L Yap wrote:
> When using SSH, the server can specify exactly what the client
> can do. Why not just limit them to using "cvs server"?
Because you can't. CVS is so riddled full of security holes that giving
someone access to run "cvs server" means
On Wed, Aug 09, 2000 at 04:38:46PM -0400, Noel L Yap wrote:
> In a good SSH setup, how do untrusted people authenticate themselves
> as trusted?
They lie to me and I give them a password. Next they attack.
> With pserver, it's really easy, just steal the .cvspasswd file.
That's actually pretty
On Wed, Aug 09, 2000 at 03:57:16PM -0600, Tobias Weingartner wrote:
> On Wednesday, August 9, Justin Wells wrote:
> >
> > If I move to ssh, I will definately still be using chroot. Even on a
> > box where there's nothing else important there is no justification for
> > giving away full fledged
On Wed, Aug 09, 2000 at 05:18:15PM -0500, David Thornley wrote:
> Are you sure?
>
> I have very limited experience with Microsoft Windows, but there is an
> InstallShield thing that can make it easy to install complicated
Actually, yeah.
I found it easier to install ssh on a win32 box than I've
On Wednesday, August 9, "Derek R. Price" wrote:
> Tobias Weingartner wrote:
>
> > On Wednesday, August 9, Justin Wells wrote:
> > >
> > > If I move to ssh, I will definately still be using chroot. Even on a
> > > box where there's nothing else important there is no justification for
> > > giving
[ On Wednesday, August 9, 2000 at 20:14:19 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> > However with SSH on a dedicated system you
> > have something that cannot be attacked by an unauthorised user!
&
[ On Wednesday, August 9, 2000 at 19:57:04 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> Greg was arguing against chroot. He claims it offers *no* improvement in
> security at all.
It offers no improvement in
[ On Wednesday, August 9, 2000 at 20:05:32 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> In other words I'm an optomist and greg is a pessimist. I view something
> as "secure enough" if you can li
On Thu, Aug 10, 2000 at 02:46:54AM -0400, Greg A. Woods wrote:
> *YOU* should have been capable of writing that documentation in the
> first place and ensuring that your users understood it sufficiently.
> You can use that documentation *NOW*. You should be capable of using
> that documentation
27;t really interest me. But since this discussion breeds
more heat than light, I suggest that such discourse might become a bit more
constructive and useful.
--- Forwarded mail from [EMAIL PROTECTED]
[ On Wednesday, August 9, 2000 at 01:37:01 (-0600), Tobias Weingartner wrote: ]
> Subject: Re: c
Isn't it Justin's point that his users can't be held accountable for their
actions? What does he do if user accountability simply isn't part of the
equation?
--- Forwarded mail from [EMAIL PROTECTED]
> If I move to ssh, I will definately still be using chroot. Even on a
> box where there's no
[EMAIL PROTECTED] on 2000.08.09 19:57:04
>Because, with the patch that I previously posted, that spawned this whole
>thread, my pserver runs in a chrooted partition. I'm defended against the
>risk: even if they break through CVS (which shouldn't be hard) that
>doesn't get them through to the f
[EMAIL PROTECTED] on 2000.08.09 20:05:32
>On Wed, Aug 09, 2000 at 04:38:46PM -0400, Noel L Yap wrote:
>> In a good SSH setup, how do untrusted people authenticate themselves
>> as trusted?
>
>They lie to me and I give them a password. Next they attack.
Uhuh. And how do you do manage identifi
On Thu, Aug 10, 2000 at 09:31:21AM -0400, Noel L Yap wrote:
> So why not chroot the SSH cvs server?
When SSH is well enough supported by the clients that is exactly what
I will do.
> If they're
> trying to break through CVS, they'll also find a way to break through chroot.
It's not trivial to
On Thu, Aug 10, 2000 at 09:45:13AM -0400, Noel L Yap wrote:
> (Also, IMHO, the
> clients should generate the key pair (what password are you
> talking about?) and give you the public key).
OK, so they do that and then they attack me. Really, what does it matter
that I know their email address? W
1 - 100 of 128 matches
Mail list logo