Current-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: cvs problem
On Jan 30, 2010, at 11:45 AM, Christos Zoulas wrote:
>> I noticed that change, too. Frankly, it struck me as a really bad idea.
>>
>> I think the only thing to do is to create the group and put yourself in
>> it. Better yet, go into the source and delete the check; it's
>> preposterous.
>>
>> From a security perspective, it's useless, since the cvs command is
>> unprivileged and hence can't really enforce any privileges; anyone who
>> wants can compile their own copy that deletes that gratuitous check. It
>> assumes that there is only one permission domain for cvs repositories on
>> a system, which isn't necessarily true. (I teach at a university; most
>> professors and grad students have their own repositories. Why should we
>> all have to be in the same group? What benefit is there to anyone?)
>>
>> I assume that there was some purpose in mind for the check. For the
>> life of me, I can't imagine what it was.
>
> Think server-client. Do you think you can recompile/change the cvs binary
> one the server side? Yes, it does not make sense for the local only code...
Even for client-server, I'm not sure that that particular change makes much
sense. If nothing else -- and I think there are other reasons -- the problem
is initializing a CVS repository, which is presumably done locally on the
server side. Even without that, if the cvs command is running in server mode
it has to know it, in order to speak the proper over-the-wire protocol, which
means that at the least it should do the check only if in server mode, not if
invoked locally.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
Home |
Main Index |
Thread Index |
Old Index