Bugtraq mailing list archives

Re: cvs security problem

From: Mike Eldridge <diz () CAFES NET>
Date: Mon, 31 Jul 2000 10:39:26 -0500

On Fri, 28 Jul 2000, Kev wrote:

I found two security problems in cvs-1.10.8.

From the CVS info page (Node: Password authentication security):


     The separate CVS password file (*note Password authentication
  server::) allows people to use a different password for repository
  access than for login access.  On the other hand, once a user has
  non-read-only access to the repository, she can execute programs on the
  server system through a variety of means.  Thus, repository access
  implies fairly broad system access as well.  It might be possible to
  modify CVS to prevent that, but no one has done so as of this writing.

(cvs version 1.10.7; I'd be suprised if .8 has changed that much in this
respect.)

This has been the case for quite some time.  It would be nice if CVS
could be made more secure, but it would probably take a lot of work.


A while ago, I wrote a simple cvs wrapper that takes away this "fairly
broad system access" by setuid() and chroot().  This is the easiest method
of limiting access granted by almost anything.  Attached is source for the
wrapper.  Being only 181 lines long, I should hope there are no blatant
errors in my code, but we all do stupid things.  =)

My cvs server has a minimal set of files for a chroot()ed environment.
Following is a listing of my /usr/cvsroot.

It should be noted that cvs was never intended to be secure, but I find
that this wrapper does a nice job of ensuring minimal access.

Mike Eldridge

/usr/cvsroot:
total 6
drwxr-xr-x   2 cvs      cvs          1024 Nov 26  1999 bin
drwxr-xr-x   9 cvs      cvs          1024 Apr  4 14:07 cvsroot
drwxr-xr-x   2 cvs      cvs          1024 Nov 26  1999 dev
drwxr-xr-x   2 cvs      cvs          1024 Jun  1 14:26 etc
drwxr-xr-x   2 cvs      cvs          1024 Nov 26  1999 lib
drwxr-xr-x   2 cvs      cvs          1024 Jul 28 17:14 tmp

bin:
total 479
-rwxr-xr-x   1 cvs      cvs        486932 Oct  2  1998 cvs

cvsroot:
total 7
drwxrwxr-x   2 cvs      cvs          1024 Jun  1 14:18 CVSROOT

cvsroot/CVSROOT:
total 60
-r--r--r--   1 cvs      cvs           493 Nov 26  1999 checkoutlist
-r--r--r--   1 cvs      cvs           691 Nov 26  1999 checkoutlist,v
-r--r--r--   1 cvs      cvs           760 Nov 26  1999 commitinfo
-r--r--r--   1 cvs      cvs           958 Nov 26  1999 commitinfo,v
-r--r--r--   1 cvs      cvs           364 Nov 26  1999 config
-r--r--r--   1 cvs      cvs           562 Nov 26  1999 config,v
-r--r--r--   1 cvs      cvs           753 Nov 26  1999 cvswrappers
-r--r--r--   1 cvs      cvs           951 Nov 26  1999 cvswrappers,v
-r--r--r--   1 cvs      cvs          1025 Nov 26  1999 editinfo
-r--r--r--   1 cvs      cvs          1223 Nov 26  1999 editinfo,v
-rw-rw-r--   1 cvs      cvs         27000 Jun  9 14:18 history
-r--r--r--   1 cvs      cvs          1141 Nov 26  1999 loginfo
-r--r--r--   1 cvs      cvs          1339 Nov 26  1999 loginfo,v
-r--r--r--   1 cvs      cvs          1151 Nov 26  1999 modules
-r--r--r--   1 cvs      cvs          1349 Nov 26  1999 modules,v
-r--r--r--   1 cvs      cvs           564 Nov 26  1999 notify
-r--r--r--   1 cvs      cvs           762 Nov 26  1999 notify,v
-r--r--r--   1 cvs      cvs           649 Nov 26  1999 rcsinfo
-r--r--r--   1 cvs      cvs           847 Nov 26  1999 rcsinfo,v
-rw-r--r--   1 root     root            5 Jun  1 14:18 readers
-r--r--r--   1 cvs      cvs           879 Nov 26  1999 taginfo
-r--r--r--   1 cvs      cvs          1077 Nov 26  1999 taginfo,v
-r--r--r--   1 cvs      cvs          1026 Nov 26  1999 verifymsg
-r--r--r--   1 cvs      cvs          1224 Nov 26  1999 verifymsg,v

dev:
total 0
crw-rw-rw-   1 cvs      cvs        1,   3 May  5  1998 null

etc:
total 2
-rw-r--r--   1 cvs      cvs            98 Nov 26  1999 ld.so.cache
-rw-r--r--   1 cvs      cvs             0 Nov 26  1999 ld.so.conf
-rw-r--r--   1 cvs      cvs           128 Jun  1 14:14 passwd

lib:
total 891
-rwxr-xr-x   1 cvs      cvs         40452 Nov 26  1999 ld-2.0.7.so
lrwxrwxrwx   1 cvs      cvs            11 Nov 26  1999 ld-linux.so.2 -> ld-2.0.7.so
-rwxr-xr-x   1 cvs      cvs        650524 Nov 26  1999 libc-2.0.7.so
lrwxrwxrwx   1 cvs      cvs            13 Nov 26  1999 libc.so.6 -> libc-2.0.7.so
-rwxr-xr-x   1 cvs      cvs        181993 Oct 13  1998 libcrypt-2.0.7.so
lrwxrwxrwx   1 cvs      cvs            17 Nov 26  1999 libcrypt.so.1 -> libcrypt-2.0.7.so
-rwxr-xr-x   1 cvs      cvs         30172 Nov 26  1999 libnss_files-2.0.7.so
lrwxrwxrwx   1 cvs      cvs            21 Nov 26  1999 libnss_files.so.1 -> libnss_files-2.0.7.so

tmp:
total 0

Attachment: cvsd.c
Description: cvs wrapper source

Current thread:

Re: cvs security problem Mike Eldridge (Aug 01)
- <Possible follow-ups>
- Re: cvs security problem sama (Aug 01)
  - Re: cvs security problem Brian Behlendorf (Aug 01)
  - Re: cvs security problem Greg A. Woods (Aug 01)
- Re: cvs security problem Greg A. Woods (Aug 01)