<!-- MHonArc v2.4.4 -->
<!--X-Subject: [MUD-Dev] Re: Ruminations on CVS and developing in the Bazaar -->
<!--X-From-R13: X Q Znjerapr <pynjNhaqre.rate.ftv.pbz> -->
<!--X-Date: Tue, 1 Dec 1998 16:32:03 -0800 -->
<!--X-Message-Id: 199812020030.QAA31273#under,engr.sgi.com -->
<!--X-Content-Type: text/plain -->
<!--X-Reference: Pine.LNX.4.04.9811302058450.2692-100000#burrito,cyberhighway.net -->
<!--X-Head-End-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<title>MUD-Dev message, [MUD-Dev] Re: Ruminations on CVS and developing in the Bazaar</title>
<!-- meta name="robots" content="noindex,nofollow" -->
<link rev="made" href="mailto:claw#under,engr.sgi.com">
</head>
<body background="/backgrounds/paperback.gif" bgcolor="#ffffff"
text="#000000" link="#0000FF" alink="#FF0000" vlink="#006000">
<font size="+4" color="#804040">
<strong><em>MUD-Dev<br>mailing list archive</em></strong>
</font>
<br>
[ <a href="../">Other Periods</a>
| <a href="../../">Other mailing lists</a>
| <a href="/search.php3">Search</a>
]
<br clear=all><hr>
<!--X-Body-Begin-->
<!--X-User-Header-->
<!--X-User-Header-End-->
<!--X-TopPNI-->
Date:
[ <a href="msg00880.html">Previous</a>
| <a href="msg00882.html">Next</a>
]
Thread:
[ <a href="msg00875.html">Previous</a>
| <a href="msg00861.html">Next</a>
]
Index:
[ <A HREF="author.html#00881">Author</A>
| <A HREF="#00881">Date</A>
| <A HREF="thread.html#00881">Thread</A>
]
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<H1>[MUD-Dev] Re: Ruminations on CVS and developing in the Bazaar</H1>
<HR>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
<UL>
<LI><em>To</em>: <A HREF="mailto:mud-dev#kanga,nu">mud-dev#kanga,nu</A></LI>
<LI><em>Subject</em>: [MUD-Dev] Re: Ruminations on CVS and developing in the Bazaar </LI>
<LI><em>From</em>: J C Lawrence <<A HREF="mailto:claw#under,engr.sgi.com">claw#under,engr.sgi.com</A>></LI>
<LI><em>Date</em>: Tue, 01 Dec 1998 16:30:55 -0800</LI>
<LI><em>Reply-To</em>: <A HREF="mailto:mud-dev#kanga,nu">mud-dev#kanga,nu</A></LI>
</UL>
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<HR>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<PRE>
On Mon, 30 Nov 1998 21:09:01 -0700 (MST)
greear <greear#cyberhighway,net> wrote:
> On Mon, 30 Nov 1998, J C Lawrence wrote:
>> There are two levels to such trust:
>>
>> 1) Trust them when accessing your machine (or whoever might gain
>> access to your machine via the account you give them).
...
>> #1 is a bitch, and one I am becoming intimately familiar with
>> under CVS. The problem is that any given CVS user with write
>> access to the repository effectively has the ability to execute
>> arbitrary programs on your machine without your control. This is
>> not something I'm happy with for Kanga.Nu (I'm paranoid). After
>> a lot of beating about the bush and messing with SSH, and SSH
>> pipes in attempt to secure (more) the authentication end of CVS
>> (its pretty lightweight out of the box) with the idea of using
>> SSH to help limit the number of people who know or can get the
>> authentication data, I've finally given up. SSH1 just can't make
>> port forwarded pipes to accounts which aren't login/shell
>> accounts (ideally I'd use an account with /bin/false for a shell,
>> a * password, and whose home directory is root.root with 0400
>> permissions) and I'm uncomfortable with the security of SSH2 as
>> well as its licensing restrictions.
> You don't have to give anyone an account on your machine.
The account limitation is part of SSH1. SSH2 doesn't have that
limitation -- it has different problems.
> (I think you know this, just pointing it out..) You just map
> their account to the cvs-user account.
Even if you use aliases, they have to end up mapping to a valid
account on your CVS machine, and due to the way that CVS is put
together, once a person has CVS write access to your repository, you
can safely assume that they are able to execute arbitrary programs
under that User ID. Worse, if they can compromise the pserver
(something that was not expressly architected for security) you can
probably also assume that they can execute arbitrary programs as
root.
I'm minorly willing to live with the fact that unknowns might be
able to compromise the pserver and thus compromise root on my
system. Its a nasty fact, but its not something I can change
easily. I am utterly unwilling to give unknowns the ability to
execute arbitrary programs on my servers. All it takes in one yobbo
watching you type your password before next thing I know "cvs_user"
if off running `rm` and friends in unhealthy places.
> In the above example, there is no need to create the user 'ben',
> and there is no reason that the end user should know cvs_user's
> password. Using this, other than the cvs commands, I'm not sure
> if you really can get into the box. Of course, haven't tried too
> hard or read extensively on it...
Read the Cyclic pages, The basic summary: You are safe in assuming
that CVS users can execute arbitrary programs on your CVS host.
Remember: CVS is *built* to run programs as part of its checkin and
checkout procedure. It provides a vast number of opportunities for
compromise.
--
J C Lawrence Internet: claw#kanga,nu
(Contractor) Internet: coder#kanga,nu
---------(*) Internet: claw#under,engr.sgi.com
...Honourary Member of Clan McFud -- Teamer's Avenging Monolith...
</PRE>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<HR>
<!--X-Follow-Ups-End-->
<!--X-References-->
<UL><LI><STRONG>References</STRONG>:
<UL>
<LI><STRONG><A NAME="00875" HREF="msg00875.html">[MUD-Dev] Re: Ruminations on CVS and developing in the Bazaar</A></STRONG>
<UL><LI><EM>From:</EM> <greear#cyberhighway,net></LI></UL></LI>
</UL></LI></UL>
<!--X-References-End-->
<!--X-BotPNI-->
<UL>
<LI>Prev by Date:
<STRONG><A HREF="msg00880.html">[MUD-Dev] Re: Hex-grid mapping</A></STRONG>
</LI>
<LI>Next by Date:
<STRONG><A HREF="msg00882.html">[MUD-Dev] Re: Hex-grid mapping</A></STRONG>
</LI>
<LI>Prev by thread:
<STRONG><A HREF="msg00875.html">[MUD-Dev] Re: Ruminations on CVS and developing in the Bazaar</A></STRONG>
</LI>
<LI>Next by thread:
<STRONG><A HREF="msg00861.html">[MUD-Dev] [RELEASE] Insanity To Infinity (I:I_OS) v.02a</A></STRONG>
</LI>
<LI>Index(es):
<UL>
<LI><A HREF="index.html#00881"><STRONG>Date</STRONG></A></LI>
<LI><A HREF="thread.html#00881"><STRONG>Thread</STRONG></A></LI>
</UL>
</LI>
</UL>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<ul><li>Thread context:
<BLOCKQUOTE><UL>
<LI><strong><A NAME="00862" HREF="msg00862.html">[MUD-Dev] Ruminations on CVS and developing in the Bazaar</A></strong>,
Ben Greear <a href="mailto:greear#cyberhighway,net">greear#cyberhighway,net</a>, Sat 28 Nov 1998, 06:33 GMT
<UL>
<LI><strong><A NAME="00863" HREF="msg00863.html">[MUD-Dev] Ruminations on CVS and developing in the Bazaar</A></strong>,
Petri Virkkula <a href="mailto:pvirkkul#iki,fi">pvirkkul#iki,fi</a>, Sat 28 Nov 1998, 08:36 GMT
</LI>
<LI><strong><A NAME="00873" HREF="msg00873.html">[MUD-Dev] Re: Ruminations on CVS and developing in the Bazaar</A></strong>,
J C Lawrence <a href="mailto:claw#under,engr.sgi.com">claw#under,engr.sgi.com</a>, Tue 01 Dec 1998, 03:46 GMT
<UL>
<LI><strong><A NAME="00875" HREF="msg00875.html">[MUD-Dev] Re: Ruminations on CVS and developing in the Bazaar</A></strong>,
greear <a href="mailto:greear#cyberhighway,net">greear#cyberhighway,net</a>, Tue 01 Dec 1998, 04:32 GMT
<UL>
<LI><strong><A NAME="00881" HREF="msg00881.html">[MUD-Dev] Re: Ruminations on CVS and developing in the Bazaar</A></strong>,
J C Lawrence <a href="mailto:claw#under,engr.sgi.com">claw#under,engr.sgi.com</a>, Wed 02 Dec 1998, 00:32 GMT
</LI>
</UL>
</LI>
</UL>
</LI>
</UL>
</LI>
<LI><strong><A NAME="00861" HREF="msg00861.html">[MUD-Dev] [RELEASE] Insanity To Infinity (I:I_OS) v.02a</A></strong>,
Bobby Bailey <a href="mailto:mush#smidefix,karen.hik.se">mush#smidefix,karen.hik.se</a>, Fri 27 Nov 1998, 03:12 GMT
<LI><strong><A NAME="00856" HREF="msg00856.html">[MUD-Dev] [RELEASE] Insanity To Infinity (I:I_OS) v.01a</A></strong>,
Bobby Bailey <a href="mailto:mush#smidefix,karen.hik.se">mush#smidefix,karen.hik.se</a>, Wed 25 Nov 1998, 03:21 GMT
<UL>
<LI><strong><A NAME="00857" HREF="msg00857.html">[MUD-Dev] Re: [RELEASE] Insanity To Infinity (I:I_OS) v.01a</A></strong>,
Robin Carey <a href="mailto:r.carey#dcs,napier.ac.uk">r.carey#dcs,napier.ac.uk</a>, Wed 25 Nov 1998, 09:07 GMT
<UL>
<LI><strong><A NAME="00858" HREF="msg00858.html">[MUD-Dev] Re: [RELEASE] Insanity To Infinity (I:I_OS) v.01a</A></strong>,
Bobby Bailey <a href="mailto:mush#smidefix,karen.hik.se">mush#smidefix,karen.hik.se</a>, Wed 25 Nov 1998, 15:44 GMT
</LI>
</UL>
</LI>
</UL>
</LI>
</UL></BLOCKQUOTE>
</ul>
<hr>
<center>
[ <a href="../">Other Periods</a>
| <a href="../../">Other mailing lists</a>
| <a href="/search.php3">Search</a>
]
</center>
<hr>
</body>
</html>
