On Tue, Aug 08, 2000 at 02:53:30PM -0400, Greg A. Woods wrote:
> [ On Monday, August 7, 2000 at 23:14:36 (-0400), Justin Wells wrote: ]
> > Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
> >
> > If that's all you want to accomplish it wouldn't be much work to move the
> > pserver code out of CVS into a binary called pserver which performs an
> > exec() after reading the authorization block. Isn't this what nserver does?
> > 
> > I think that's a good idea. Less code to audit.  
> 
> Hmmm... yeah, and guess what SSH does too!

And if ssh spoke pserver protocol that would be great. Duh.

> You don't seem to understand -- *ALL* of the code in the process is
> subject to attack while it is running, and indeed some systems even make
> it possible for that other code to regain privileges once held by the
> process.

Unless you're talking about recent versions of Linux, FreeBSD, or Solaris
I really don't give a damn. Add some documentation warning people of the
risk. I don't subscribe to your philosophy that all humans are morons and
can't do their own risk analysis. I believe in giving capable people the
tools they need to get the job done.

> 
> The only secure solution is to never allow CVS to execute as root.  Period.

Whatever. You lost this one a long time ago, Greg.

Justin
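The privilege-separation design argued over above (an authentication gate that drops to an unprivileged account and exec()s the real server, plus Greg's caveat that on some systems a process can regain privileges it once held), as an added example that is not code from this thread, from CVS or from cvs-nserver. It assumes POSIX setuid semantics as found on Linux and the BSDs; the helper names, the target program /usr/bin/id and the minimal environment are assumptions chosen for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop to uid/gid and verify the drop is irreversible.
 * Returns 0 on success, -1 (errno set) on any failure.
 * Refuses uid 0: the point of the gate is that the server never runs as root. */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    if (uid == 0) {
        errno = EINVAL;
        return -1;
    }
    /* Supplementary groups are not touched by setgid(); clear them first.
     * Only root may call setgroups(), so skip it when already unprivileged. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Order matters: once the uid is dropped, setgid() would be refused. */
    if (setgid(gid) != 0)
        return -1;
    /* setuid() (not seteuid()) sets real, effective and saved uids when
     * called as root, so no saved uid 0 is left to come back to. */
    if (setuid(uid) != 0)
        return -1;
    /* Verify the caveat from the thread: a regain attempt must fail.
     * A process that is not root but still holds a saved uid 0 (e.g. a
     * setuid-root binary that only called seteuid()) is caught here. */
    if (setuid(0) == 0 || seteuid(0) == 0) {
        errno = EPERM;
        return -1;              /* privileges were regained: fail closed */
    }
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Gate-then-exec: once the caller has been authenticated (the
 * "authorization block" of the thread), drop to the target account and
 * replace this process image with the unprivileged server.
 * Never returns on success; returns -1 if the drop or execve() failed. */
int exec_as_user(const char *path, char *const argv[], uid_t uid, gid_t gid)
{
    if (drop_privileges_permanently(uid, gid) != 0)
        return -1;
    /* Minimal environment: do not carry root's environment into the server. */
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    execve(path, argv, envp);
    return -1;                  /* only reached if execve() failed */
}

int main(void)
{
    /* Demonstration on the current (assumed unprivileged) account. */
    if (drop_privileges_permanently(getuid(), getgid()) != 0) {
        perror("drop_privileges_permanently");
        return 1;
    }
    printf("running as uid %u gid %u, root not regainable\n",
           (unsigned)getuid(), (unsigned)getgid());
    /* /usr/bin/id stands in for the real server binary (assumed path). */
    char *const argv[] = { "id", NULL };
    if (exec_as_user("/usr/bin/id", argv, getuid(), getgid()) != 0)
        perror("exec_as_user");
    return 1;
}
```

The verification step after setuid() is what distinguishes a real drop from a cosmetic one: on systems with a saved set-user-id, a process that only changed its effective id can call setuid(0) again, which is exactly the "regain privileges once held" case raised in the thread. Where available, setresuid(uid, uid, uid) states the same intent explicitly for all three ids.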
