Re: cvs security problem

["Greg A. Woods" <woods () weird com>]

[ On , July 31, 2000 at 15:02:40 (+0900), Tanaka Akira wrote: ]
> Subject: Re: cvs security problem
>
> I think shell access is too dangerous.  If shell access is possible,
> crackers can install dangerous programs to crack other machines.  So,
> the assumption is unacceptable for me.

Shell access is not "dangerous" if it's done properly.  A properly
secured annonymous CVS server will not be trusted by any other systems
and it will not have enough tools installed on it to to be of any use to
the cracker.  Neither will it reside on a network segment where
sensitive traffic passes by.  It will be monitored regularly and
automatically for unauthorised use, and the integrity of the CVS
repository it serves will be regularly and automatically verified.

> Hm... I found another one with few hours investigating.  I agree that
> it's very insecure.

PLEASE TRY TO UNDERSTAND:  CVS is not insecure, _by_definition_!

CVS is DESIGNED *ONLY* to be used by people with shell access!!!!  This
fact *MUST* be taken into account by *everyone* who sets up annonymous
CVS servers!  I.e. you MUST assume that a determined cracker will
eventually be able to gain shell access to your anonymous CVS server and
you must take the precautions outlined above if you wish to protect it.

The only potential security problem with CVS is that the manual might
not stress this semi-obvious fact strongly enough.

Perhaps if the inherently insecure cvspserver support were ripped out of
it (it *NEVER* should have been added in the first place!), this
wouldn't be an issue.

--
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods () acm org>      <robohack!woods>
Planix, Inc. <woods () planix com>; Secrets of the Weird <woods () weird com>