[ On Sunday, August 6, 2000 at 22:27:22 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> On Sun, Aug 06, 2000 at 07:37:56PM -0400, Greg A. Woods wrote:
> > If someone breaks your hacked chroot patch they will, by your design,
> > have superuser privileges, at which point chroot is meaningless because
> > anyone capable of doing the first crack will snuff your chroot in mere
> > seconds and you'll be so fubared that you might not even be able to
> > detect any problem for weeks, months, or even years! Read Phrack#54,
> > for an example of how they can hide from you indefinitely. In fact it's
> > practically script-kiddie fodder by now.....
>
> This has *always* been true of pserver. It must start out running as root,
> and does not run any other way. If you try and run it as a non-root user
> it errors when it attempts to call setgid/setuid--with or without my patch.

That is true of the current *BROKEN* implementation, but it is not a
design limitation.

The *ONLY* secure way to use cvspserver is to rip out the current crap
in the implementation that requires it to run as root and then to run it
only as a non-privileged unique user-id which is given permission to
read (and only read, i.e. it must be through group ownership) the
CVSROOT/passwd file. I've been saying this for over a year now. Never
*EVER* run CVS as root, not even for one CPU cycle! It was *never*
right to do so and it technically cannot be made to be right!

This of course still implies that it only be used within a secure
network, and as such it is still of extremely limited utility and it is
still completely unnecessary given the available alternatives that
completely wipe it out in terms of enhanced security!

> CVS pserver has always been script kiddie fodder, but my patch makes it
> much less so:

NO, it does NOT!

> Your argument seems to be that anything that is not absolutely
> perfect ought to be dropped. I'll accept that argument when people
> agree to drop pserver entirely from CVS--until then the chroot
> patch is badly needed.

No, my argument is that there are multiple working solutions that do not
rely on inherently insecure techniques. Continuing to use broken crap
just because it's there is wrong, though the fault lies in those who've
been continuing to maintain it in CVS, not the end user, of course.

> Your argument against my patch boils down to "I hate pserver, please
> don't improve it." Ridiculous.

You literally, technically, *cannot* improve it, especially when you
misunderstand systems security, so PLEASE don't even bother trying!

--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
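
The deployment rule stated in the reply above (a non-root, dedicated user-id that can read CVSROOT/passwd through group ownership and can do nothing else to it), written as a startup check. This is an added example, not part of the original message and not code from CVS; `check_passwd_access` and the `PW_*` names are hypothetical, and treating any "other" permission bit as a failure is an assumption drawn from "it must be through group ownership".

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum passwd_check { PW_OK, PW_ROOT, PW_OWNER, PW_OTHER, PW_GROUP_WRITE, PW_NO_GROUP_READ };

/* Pure policy check (no system calls), so it can be run on constructed values.
 * euid/gids describe the server process; st describes CVSROOT/passwd. */
enum passwd_check check_passwd_access(uid_t euid, const gid_t *gids, int ngids,
                                      const struct stat *st)
{
    int i, member = 0;

    if (euid == 0)
        return PW_ROOT;            /* never run as root */
    if (st->st_uid == euid)
        return PW_OWNER;           /* an owner can chmod the file writable */
    if (st->st_mode & (S_IROTH | S_IWOTH))
        return PW_OTHER;           /* assumption: access only via the group bits */
    if (st->st_mode & S_IWGRP)
        return PW_GROUP_WRITE;     /* read, and only read */
    for (i = 0; i < ngids; i++)
        if (gids[i] == st->st_gid)
            member = 1;
    if (!member || !(st->st_mode & S_IRGRP))
        return PW_NO_GROUP_READ;
    return PW_OK;
}

int main(int argc, char **argv)
{
    gid_t gids[65];
    struct stat st;
    int n;

    if (argc != 2 || stat(argv[1], &st) != 0) {
        fprintf(stderr, "usage: %s /path/to/CVSROOT/passwd\n", argv[0]);
        return 2;
    }
    n = getgroups(64, gids);       /* supplementary groups of this process */
    if (n < 0)
        return 2;
    gids[n++] = getegid();         /* effective gid may not be in that list */
    return check_passwd_access(geteuid(), gids, n, &st);
}
```

Run as the server's user-id, the program exits 0 only when every condition holds; any other exit status names the first rule that failed.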