[ On , August 6, 2000 at 11:12:01 (+0400), Alexey Mahotkin wrote: ]
> Subject: Re: patch to make CVS chroot
>
> Because when you are sourceforge.net and there are several (tens) thousands
> of developers, things change it seems to me.
My meager little tiny systems can support millions of users (so long as
they're not all logged in at once, of course).
Sourceforge is a *perfect* target for attacks against cvspserver. So
far they seem to only allow write access via SSH (see Justin, it does
work! check out <URL:http://sfdocs.sourceforge.net/> and in particular
their sections on Win32/CVS/SSH), but they don't yet seem to have
separated their writable repository from the anonymous access service
provided through cvspserver. While they have the potential of having
lots of integrity auditing, they don't seem to have any published formal
procedures for ensuring the repositories they host are not compromised.
If I had any say in sourceforge I'd encourage them to move read-only
anonymous access over to a separate non-trusted system that cannot write
to the live repositories (they could do this either with NFS and a
couple of tiny hacks, or with regular CVSup updates, etc.) and I'd
further encourage them to ditch cvspserver support entirely and set up
unique (i.e. per-project) anonymous SSH accounts for read-only access.
--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
