On Wed, Aug 09, 2000 at 11:27:30AM -0600, Tobias Weingartner wrote:
> On Wednesday, August 9, Justin Wells wrote:
> >
> > ssh CVS is just as vulnerable though. Just because I gave someone a write
> > password doesn't mean that they are going to be trustworthy.
>
> Right there you are contradicting yourself. If you *give* someone a means
> to make changes, that implies that you *trust* them to make changes. If
> that is not the case, you are painting yourself into a corner.

Someone might lie to me to get write access and then attack my box. Under
my solution they don't get very far because they don't have a general
shell: they're contained to changing the CVS repository, which I can
quite easily detect by examining the diffs.

Under your scheme they get a general shell without much effort and can
do damn near what they please without me being able to detect anything.

> > Even if I find out who they are--what am I going to do about it? Sue them?
> > What if they are outside North America?
>
> A rather US centered attitude. Sue them? Given *trust*, this should not be
> an issue. And yes, there are a number of means to establish trust among users
> and clients. They all take some non-finite amount of time and commitment
> though. (At least the ones I know of...)

I'm Canadian. I'm just trying to point out that I have almost no recourse to
go after someone who abuses my system if they happen to live in Russia
or China or some other country with weak ties to Canada. Even if they
do live in Canada and I can sue/charge them with something, the odds are
I'm not going to waste my time doing that--I'd rather have defended against
the risk than have to sue them.

You people are so wrapped up worrying about the authentication
issues that you have completely overlooked all the real security
issues facing a public CVS server.

Running CVS inside a chroot is sensible whether you are authenticating
with pserver, or ssh, or your magic green wand.

Justin
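
[Added example, not part of the original message and not code from the CVS project: a minimal launcher showing the containment argued for above, where the server is confined to a chroot and stripped of root before it handles any client. The jail path /var/cvsjail, the repository path /repo inside it, and the uid/gid 65534 are assumptions chosen for illustration.]

```c
#define _DEFAULT_SOURCE          /* exposes chroot() and setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the process to `jail` and switch to an unprivileged uid/gid.
 * Returns 0 on success and -1 on any failure; never continue on -1. */
int enter_jail(const char *jail, uid_t uid, gid_t gid)
{
    /* A process that is still root can escape a chroot, so refuse
     * to "drop" to uid 0 or gid 0. */
    if (uid == 0 || gid == 0)
        return -1;
    /* Move inside the jail first so no directory handle outside it
     * remains as the working directory after chroot(). */
    if (chdir(jail) != 0)
        return -1;
    if (chroot(".") != 0)        /* needs root; fails with EPERM otherwise */
        return -1;
    if (chdir("/") != 0)
        return -1;
    /* Order matters: supplementary groups, then gid, then uid. Once
     * setuid() succeeds the process can no longer change its groups. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Assumed layout: the jail holds /bin/cvs, its libraries and /repo. */
    if (enter_jail("/var/cvsjail", 65534, 65534) != 0) {
        perror("enter_jail");
        return 1;
    }
    /* Paths are now relative to the jail root. Started from inetd, the
     * client socket is inherited on stdin/stdout. */
    execl("/bin/cvs", "cvs", "-f", "--allow-root=/repo", "pserver",
          (char *)NULL);
    perror("execl");
    return 1;
}
```

The same wrapper applies when the transport is ssh with a forced command instead of pserver: only the command line passed to execl() changes.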