On Thu, Aug 10, 2000 at 09:31:21AM -0400, Noel L Yap wrote:

> So why not chroot the SSH cvs server?

When SSH is well enough supported by the clients that is exactly what 
I will do.

> If they're
> trying to break through CVS, they'll also find a way to break through chroot.

It's not trivial to break out of chroot unless you are the root user (in 
which case it is trivial). It may not even be possible to do. You would 
have to find a root-shell exploit against the OS kernel itself, as there
isn't any setuid code inside the chroot for you to exploit.

> At least with SSH, you know who is doing it.

Do you really? All I generally know is the email address of what seems like
a pretty nice and fairly capable developer.

> I'd say, give those you don't trust (layman meaning) access to a mirror
> repository that you manually audit.  Any changes made to that repository must be
> manually transferred back to the real repository.  There should be no way to
> connect from the mirror repository server to the real repository server.

That imposes a significant barrier to development. Moving my product 
forward is far more important than these security issues are. I can 
tolerate being hacked. I can't tolerate barriers to development.

Justin
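
The reply above rests on there being no setuid code inside the chroot. The following is an added example, not part of the original message, of checking that property: it walks a chroot tree without following symlinks and lists any setuid or setgid regular files. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_chroot(root):
    """Return sorted (relative_path, flags) for setuid/setgid regular files under root."""
    findings = []
    # followlinks=False: a symlinked directory is never descended into, so the
    # walk cannot wander out of the tree being audited.
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and FIFOs carry no setuid semantics
            flags = []
            if st.st_mode & stat.S_ISUID:
                flags.append("setuid")
            if st.st_mode & stat.S_ISGID:
                flags.append("setgid")
            if flags:
                findings.append((os.path.relpath(path, root), "+".join(flags)))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed sample chroot tree in a temp directory and return its path."""
    root = tempfile.mkdtemp(prefix="chroot-audit-")
    os.makedirs(os.path.join(root, "bin"))
    for name, mode in (("cvs", 0o755), ("helper", 0o4755)):  # helper is setuid
        path = os.path.join(root, "bin", name)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)
    # Symlink pointing outside the tree; it must be ignored, not followed.
    os.symlink("/usr/bin/passwd", os.path.join(root, "bin", "passwd"))
    return root


if __name__ == "__main__":
    for rel, flags in audit_chroot(build_sample_tree()):
        print(f"{flags}: {rel}")
```

An empty result is what the claim in the reply requires; any entry listed is code that runs with its owner's privileges from inside the chroot.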
