[ On Thursday, August 10, 2000 at 11:56:13 (-0400), Rich Salz wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> My last word on the subject.
>
> CVS requires everyone to be in your passwd file. So does SSH, no?
No, CVS when using the cvspserver protocol does not have such a
requirement. That's the problem.
It could be re-implemented to have such a reqirement, but only at the
expense of running more/new code as root. That's also a problem.
Even if you farm off the authentication task to an isolated daemon like
Cyrus IMAPd does, you still have to "authorise" the user (if you offer
commit access) by using setuid(user), so that means you might as well do
the authentication too in order to reduce complexity, and if you do that
then you should probably do it externally in a small easy-to-audit
wrapper program, at which point you're back to re-inventing and
re-implementing RSH at the minimum anyway; so why bother!
Both problems, plus all the man-in-the-middle attacks, are solved by
SSH, the latter (running more/new code as root) being "solved" in the
sense that SSH was: a) designed to do both authentication and
authorisation; and b) it's a shared problem with all other uses/users of
SSH and thus has had significant amounts of attention paid to its
implementation.
--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
