[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ANN: cvssh - secure ext-to-pserver bridge
From: |
Michal Wallace |
Subject: |
Re: ANN: cvssh - secure ext-to-pserver bridge |
Date: |
Thu, 24 Jan 2002 20:40:53 -0500 (EST) |
On Thu, 24 Jan 2002, Greg A. Woods wrote:
> > When someone uses shared accounts, they throw away Unix
> > security. Maybe that's your point, but on the other hand
> > Unix security is not needed in many carefully controlled
> > situations.
>
> No, they throw away any and all possibility of
> accountability, especially with CVS. Period.
Hi Greg,
You obviously have very strong feelings about this... Can
you help me understand specifically what risks are involved?
These are the precautions I'm taking:
- The CVSROOT directory is read-only, so customers can't add
their own users without going through me, nor can they
set up wrappers.
- CVS runs as the user(s) specified in the CVSROOT/passwd
file. Each repository gets its own user, that does not
have access to any other repository.
- The cient-server traffic is protected with SSL.
- I am in the process of setting up a chrooted jail
(or jails) on the server, to keep CVS from accessing
any other directories.
What am I missing? What other sorts of security issues do
you see?
Thanks,
- Michal http://www.sabren.net/ address@hidden
------------------------------------------------------------
Give your ideas the perfect home: http://www.cornerhost.com/
cvs - weblogs - php - linux shell - perl/python/cgi - java
------------------------------------------------------------
- ANN: cvssh - secure ext-to-pserver bridge, Michal Wallace, 2002/01/23
- Re: ANN: cvssh - secure ext-to-pserver bridge, Greg A. Woods, 2002/01/23
- Re: ANN: cvssh - secure ext-to-pserver bridge, Michal Wallace, 2002/01/23
- Re: ANN: cvssh - secure ext-to-pserver bridge, Greg A. Woods, 2002/01/23
- Re: ANN: cvssh - secure ext-to-pserver bridge, Paul Sander, 2002/01/24
- Re: ANN: cvssh - secure ext-to-pserver bridge, Greg A. Woods, 2002/01/24
- Re: ANN: cvssh - secure ext-to-pserver bridge, Paul Sander, 2002/01/24
- Re: ANN: cvssh - secure ext-to-pserver bridge, Greg A. Woods, 2002/01/24
- Re: ANN: cvssh - secure ext-to-pserver bridge,
Michal Wallace <=
- Re: ANN: cvssh - secure ext-to-pserver bridge, Greg A. Woods, 2002/01/25
- Re: ANN: cvssh - secure ext-to-pserver bridge, Paul Sander, 2002/01/25
- Re: ANN: cvssh - secure ext-to-pserver bridge, Greg A. Woods, 2002/01/25
- Re: ANN: cvssh - secure ext-to-pserver bridge, Paul Sander, 2002/01/25
- Re: ANN: cvssh - secure ext-to-pserver bridge, Greg A. Woods, 2002/01/25
- Re: ANN: cvssh - secure ext-to-pserver bridge, Paul Sander, 2002/01/26