[EMAIL PROTECTED] writes:
> > I have known others to make the cvs executable be set-gid to a 'cvs'
> > group and for all directories to be owned by a user 'cvs' and group
> > 'cvs' and have 'u=rwx,g=rwxs,o=' (2770) permissions for all directories.
> >
Mark,
Thanks for your cogent and lucid explanation. You cleared up a lot for me.
Please see in-line comments and questions.
On Sunday 29 February 2004 5:59 pm, Mark D. Baushke wrote:
> [EMAIL PROTECTED] writes:
> > The problem is that the cvs directory is on the same machine as all
> > the othe
[EMAIL PROTECTED] writes:
> The problem is that the cvs directory is on the same machine as all
> the other server stuff including user's server home directories.
What you describe is a non-optimal setup. Do try to use a dedicated
machine which does
On Tuesday 20 January 2004 11:46 am, Andrew Marlow wrote:
> "Rhodes, Phillip C." <[EMAIL PROTECTED]> writes:
> >I am nervous that all my cvs archives are owned by a group that all of
> >our developers are a member of.
> >That is, any developer with a unix account (all of them) can nuke the
> >archi
[ On Wednesday, January 21, 2004 at 13:12:05 (-0800), WJCarpenter wrote: ]
> Subject: Re: what's to stop a developer from nuking the repository?
>
> So, since it's unreliable to read between the lines to try to figure
> out what you're saying, is it that there ar
gaw> CVS is not a security application, was not designed as a security
gaw> application, and despite recent hackish patches is not
gaw> implemented as a security application. CVS does not provide the
gaw> same level of authentication, and not even remotely the same
gaw> level of authorization cont
> [ On Tuesday, January 20, 2004 at 15:13:08 (-0600), [EMAIL PROTECTED] wrote: ]
> > Subject: Re: what's to stop a developer from nuking the repository?
> >
> > > If you have a trusted network and you do feel comfortable with telnet
> > > and rlog
[ On Tuesday, January 20, 2004 at 15:13:08 (-0600), [EMAIL PROTECTED] wrote: ]
> Subject: Re: what's to stop a developer from nuking the repository?
>
> The key here is accountability, I think.
Indeed it is! ;-)
> pserver has effectively no
> accountability, and telnet/rlog
[ On Tuesday, January 20, 2004 at 14:02:19 (-0600), johnny fulcrum wrote: ]
> Subject: Re: what's to stop a developer from nuking the repository?
>
> Is there more than one way to run Pserver?
Of course.
> All my pserver users have
> accounts on the unix box (err "uni
[ On Tuesday, January 20, 2004 at 14:18:53 (-0500), Larry Jones wrote: ]
> Subject: Re: what's to stop a developer from nuking the repository?
>
> Greg A. Woods writes:
> >
> > Telnet and rlogin and similar still provide one heck of a lot more
> > accountabili
On Tue, 20 Jan 2004 14:08:45 -0500 (EST), Greg A. Woods <[EMAIL PROTECTED]>
wrote:
[ On Tuesday, January 20, 2004 at 11:03:38 (-0500), Larry Jones wrote: ]
Subject: Re: what's to stop a developer from nuking the repository?
I think that's still overstating the case. If you run
> [ On Tuesday, January 20, 2004 at 11:03:38 (-0500), Larry Jones wrote: ]
> > Subject: Re: what's to stop a developer from nuking the repository?
> >
> > I think that's still overstating the case. If you run CVS on a network
> > where you can trust people e
Greg A. Woods writes:
>
> Telnet and rlogin and similar still provide one heck of a lot more
> accountability (over a trusted network) than pserver could ever possibly
> do.
I disagree.
-Larry Jones
Mom must've put my cape in the wrong drawer. -- Calvin
[ On Tuesday, January 20, 2004 at 10:58:32 (-0500), Mike Echlin wrote: ]
> Subject: Re: what's to stop a developer from nuking the repository?
>
> 90% of security risks are people inside your firewall.
Well, yes, though it depends on your threat models and exactly what
you're d
>--- Forwarded mail from [EMAIL PROTECTED]
>At 04:15 AM 1/20/2004, Andy Jones wrote:
>>am I right in thinking that Greg's opinion does not reflect the majority
>>view?
>No.
Yes.
>And besides, Greg is one of the resident experts on CVS. Listen to him.
So am I.
Greg seems to have this idea tha
[ On Tuesday, January 20, 2004 at 11:03:38 (-0500), Larry Jones wrote: ]
> Subject: Re: what's to stop a developer from nuking the repository?
>
> I think that's still overstating the case. If you run CVS on a network
> where you can trust people enough that you're conf
[ On Tuesday, January 20, 2004 at 10:06:32 (+0100), Claus Henriksen wrote: ]
> Subject: Re: what's to stop a developer from nuking the repository?
>
> Has anybody made a long wishlist of things to be changed in pserver?
There is only one thing that can be changed: the PSERVER
Title: Re: what's to stop a developer from nuking the repository?
You should be making this choice (pserver or not) based on what security you want/need. Realistically this is going to be somewhere between perfection and better_than_I_had_already. Let's face it, if you were using a s
On Tue, 20 Jan 2004 11:03:38 -0500 (EST), Larry Jones
<[EMAIL PROTECTED]> wrote:
[EMAIL PROTECTED] writes:
Quibble time: *if* you run cvs on a network you're sure is secure
and everybody on it can be absolutely trusted (to the point where you'd
be perfectly comfortable giving the root password t
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] wrote:
> *if* you run cvs on a network you're sure is secure
> and everybody on it can be absolutely trusted (to the point
> where you'd
> be perfectly comfortable giving the root password to anybody
> who had an
> actual need for it), pserver is usable
[EMAIL PROTECTED] writes:
>
> Quibble time: *if* you run cvs on a network you're sure is secure
> and everybody on it can be absolutely trusted (to the point where you'd
> be perfectly comfortable giving the root password to anybody who had an
> actual need for it), pserver is usable. It serves
[EMAIL PROTECTED] wrote:
Please forgive me if I am mistaken, and in any case I certainly don't want
to start a flame war, but am I right in thinking that Greg's opinion does
not reflect the majority view?
I can't speak for the majority, but I pretty much agree with Greg.
Quibble time: *
Andy Jones [mailto:[EMAIL PROTECTED] wrote:
> >At 04:15 AM 1/20/2004, Andy Jones wrote:
> >>am I right in thinking that Greg's opinion does not reflect
> the majority view?
It seems to me that the more one learns about computer security, the more
one tends to agree with Greg on this issue.
> >No.
>At 04:15 AM 1/20/2004, Andy Jones wrote:
>>am I right in thinking that Greg's opinion does not reflect the majority view?
>
>No.
>
>And besides, Greg is one of the resident experts on CVS. Listen to him.
I didn't say that his point of view was not valid.
I didn't say that he was wrong.
Please
Andy Jones wrote:
On Tuesday 20 January 2004 09:33, Greg A. Woods wrote:
[ On Monday, January 19, 2004 at 15:43:35 (-0800), Mark wrote: ]
Subject: Re: what's to stop a developer from nuking the repository?
have unix command line users use :pserver:
That's really Really REALLY _B_A
>
> Please forgive me if I am mistaken, and in any case I certainly don't want
>to start a flame war, but am I right in thinking that Greg's opinion does
>not reflect the majority view?
>
I can't speak for the majority, but I pretty much agree with Greg.
Quibble time: *if* you run cvs on a n
At 04:15 AM 1/20/2004, Andy Jones wrote:
am I right in thinking that Greg's opinion does not reflect the majority
view?
No.
And besides, Greg is one of the resident experts on CVS. Listen to him.
Fred
___
Frederic W. Brehm, Sarnoff Cor
th.
Cheers,
Jan
> -Original Message-
> From: Andy Jones [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 20, 2004 10:16 AM
> To: [EMAIL PROTECTED]
> Subject: Re: what's to stop a developer from nuking the repository?
>
>
> At 09:06 am 20/1/04, Claus
"Rhodes, Phillip C." <[EMAIL PROTECTED]> writes:
>
>I am nervous that all my cvs archives are owned by a group that all of
>our developers are a member of.
>That is, any developer with a unix account (all of them) can nuke the
>archives.
>
>Besides backups any thoughts on this? Sorry, I am ne
At 09:06 am 20/1/04, Claus Henriksen wrote:
>On Tuesday 20 January 2004 09:33, Greg A. Woods wrote:
>> [ On Monday, January 19, 2004 at 15:43:35 (-0800), Mark wrote: ]
>>
>> > Subject: Re: what's to stop a developer from nuking the repository?
>> >
>>
On Tuesday 20 January 2004 09:33, Greg A. Woods wrote:
> [ On Monday, January 19, 2004 at 15:43:35 (-0800), Mark wrote: ]
>
> > Subject: Re: what's to stop a developer from nuking the repository?
> >
> > have unix command line users use :pserver:
>
> That
[ On Monday, January 19, 2004 at 15:43:35 (-0800), Mark wrote: ]
> Subject: Re: what's to stop a developer from nuking the repository?
>
> have unix command line users use :pserver:
That's really Really REALLY _B_A_D_ advice
There is absolutely _NO_ accountability o
Rhodes, Phillip C. wrote:
> I am nervous that all my cvs archives are owned by a group that
all of our developers are a member of.
> That is, any developer with a unix account (all of them) can
nuke the archives.
>
> Besides backups any thoughts on this? Sorry, I am new to
cvs...
>
> We wil
I am nervous that all my cvs archives are owned by a group that all of our developers
are a member of.
That is, any developer with a unix account (all of them) can nuke the archives.
Besides backups any thoughts on this? Sorry, I am new to cvs...
We will be using both the unix-command lin