Re: Security, audits and pserver
From: Larry Jones
Subject: Re: Security, audits and pserver
Date: Mon, 16 Dec 2002 11:13:16 -0500 (EST)

Walter, Jan writes:
>
> Personally I tend to believe that giving people any sort of local access
> (even in a chrooted environment for the user for instance) is more of a
> security risk than allowing pserver access over ssl/ssh, with the limited
> number of users having the key needed to connect (i.e. Auto-key negotiation
> disabled and so on). This limits the exposure of pserver to people already
> having the public key of the server (and their public key registered there).
Note that giving anyone pserver access to a machine is equivalent to
giving them local shell access -- there are fairly simple tricks that
can be used to execute arbitrary code on the server. CVS was not
designed as a security application, it was designed as a collaboration
application for cooperative users.
-Larry Jones
Let's just sit here a moment... and savor the impending terror. -- Calvin