[ On Wednesday, August 9, 2000 at 19:48:24 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory
>
> My requirement is that if someone proves to be untrustworthy I want
> to be able to disable their access to the box and undo whatever it
> is that they've done. I also want to limit the damage they might
> do to just the CVS repository itself so I don't have as big a clean-up
> to do when I make a mistake.

You're learning, slowly, it seems. Integrity and accountability really
are fundamental requirements to achieving systems security.

> > If you have a competitive environment, where
> > users will try to torpedo other projects, then all bets are off.
>
> Sure. If I see that happening someone gets axed. But, someone might try
> it and I might have to axe them. Having a chroot'ed repository limits the
> number of nasty things they can do before they get the axe.

Not really -- especially if the only thing of value you have on the
system in question is your repository itself!

> It's worth noting that I've never had to do this. But I am prepared to
> do it if I ever have to.
>
> What Greg is missing here is that security is just as much about recovering
> from an attack after it happens, as it is about preventing it in the
> first place.

Just don't try to blame me for your misunderstandings! I've been
telling you this from day one!

> My scheme is weak on prevention because it uses pserver, but it is very
> strong on recovery. Even an ssh scheme should have a strong recovery
> capability to be secure, and I think that means using chroot (or better
> yet, jail(2) on FreeBSD).

You cannot have accountability with cvspserver, at least not without
voiding your warranty and running CVS as root for a bit....

--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>