[ On Monday, June 14, 1999 at 08:44:33 (+0100), John Riddoch wrote: ]
> Subject: Re: CVS and SSH?
>
> One of the files in $CVSROOT/CVS has a command which has to be run
> before/after checkouts/checkins (sorry, I don't remember the details). If
> this file is not secured properly, it may be set to a trojan so as to give a
> less priveleged user access to a different account. Unless root uses CVS,
> it's not a root exploit, but I'd rather not allow non-priveleged users the
> possibility of getting into my account.
I think that's a bogus argument, at least from a risk analysis point of
view.
Presumably any CVS administrator will have properly evaluated which
developers can be trusted with access to the actual CVSROOT module, and
will have secured it appropriately. Even if this *has* been done it's
not beyond the stretch of the imagination that a developer might
introduce an obfuscated trojan in the code being developed and your
account could be compromised if you're working on different parts of the
same project and you run their code. They might even manage to revert
their changes after compromising your code and you'd have a very hard
time ever detecting that your account had been compromised.
However I'd guess that the risks to the perpetrator are almost as high
as they are to you, so generally you don't have to worry too much about
these things.
> I've set up pserver access so as to use a non-root user. You don't _have_ to
> put root in inetd.conf. Of course, inetd has to be editted by root...
That'll only work for a single pserver account though, as the pserver
process won't be able to setuid() to any other user. This is of course
perfectly fine for a single user, or for anonymous read-only access.
The CVSROOT module must still be appropriately secured, of course.
--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
