TC wrote:
>
> Hi ALL
>
> I have been watching this blazing thread on [EMAIL PROTECTED] about
> the issues with using pserver & security.
> At present my cvs install is simply using pserver with userid@ntbox
> no passswd just the user names on the ntserver, the rights these users have
> is full nt rights on the repository, no other right any where on the nt box.
>
> I guess there are some issues here since the passwords are sent in almost
> clear text over the net so I am handing out some restricted user names on my
> nt box ..bad.
> I also have not figured out away to restrict access to thr cvsroot module.
>
> Does anyone have some points they could provide how I can tighten up my
> security
> on an CVS NT box ??? Some example configuration would be great.
>
Unfortunately the SSH idea doesn't work so well on NT, since for
ultimate security
you enable RSA Encrypted login and disable the login/password idea
completely. However
an NT service cannot change user without the plain text password of the
user (great
security, huh?), so it can't be implemented on NT (this also makes
pserver security
very poor on NT since it can't reliably drop priviledges).
(the only practical way to make things secure is to use one-way hashing
on the passwords,
ssl connections, etc. NT can't do this. It needs a two way hash
otherwise it can't
drop priviledges).
SSH using users/passwords is there, and there is an sshd available for
download. I guess
you could hack a version whicj automatically ran 'cvs server' when
logged in. I'm not sure
if this is implemented on the NT version. I'm also suspicious of giving
outside users
'real' userids - what's to stop them saying 'ssh <target> cmd.exe'?
I'm not sure if there's an ssh command line client for WinCVS to connect
to it though so
the problem may be academic (I've only found putty, which is windowed,
and useless for
CVS purposes).
ntserver protocol is the most secure on a LAN (you can 'impersonate' the
client over named
pipes... this breaks other things, but at least it's better than staying
as administrator
all the time), but I guess people don't really don't want to be opening
port 139 to the internet...
The biggest problem is NT security basically sucks. Without a setuid()
call it is nearly impossible to make secure services which are safe to
allow onto the big bad internet.
Tony
ps. Sorry if I ranted a bit but it's a sore point with me...
