> On Thursday, April 13, "Brian Huddleston" wrote:
> > > The other possibility is to tunnel the pserver over ssh, which
most
> > > people would consider outright silly, since you can just 'run the
server'
> > > native in ssh mode.
> >
> > The advantage of this approach is that you can set developers up as CVS
> > users as opposed to real users of your system. While you might trust
> > people to have repository access you might not want to trust them shell
> > access to your machine.
>
> With an "approriate" shell, this is not a problem. Basically, you can
> take the anoncvssh, and turn it into a slightly less restrictive cvssh,
> and then give each cvs user who you don't wish to have shell access this
> shell...
>
> --Toby.
Ahh...interesting. I hadn't heard of either one of those. Of course, if
you just tunnel with pserver,
you don't have to leave port 22 open on your firewall. If an 3vi1 Hac3r was
able to access your file
system somehow, they've now got a doorway in.
One of our customers had this problem, they hadn't kept up with the security
patches and some script kiddie had managed to add entries to the passwd file
using a BIND exploit. But, since there weren't any ports open that let them
use their newly created accounts so no harm was done.
I think the tunneled pserver approach follows the principle of least
privelege best. Although certainly, the pure ssh approach is easier to
setup, easier on the clients, and if you've got a clueful sysadmin that
stays on top of security maybe having login ports open is not too big a
deal. Anyway, that's my $.02. Take it for what it's worth.
Brian Huddleston
Huddleston Consulting
