[cvsnt] ACLs, permissions, readers/writers, etc
Tony Hoyle
tmh at nodomain.org
Tue Aug 24 16:24:27 BST 2004
Aidan Corey wrote:
> If you are going down this route (making CVSNT secure against attackers who
> have commit access to CVSROOT), don't you need to prevent things like
> commitinfo and historyinfo (and any filters they might call) going into
> checkoutlist? An attacker could write a historyinfo filter that silently
> tries to add them to the admin file.
True, but then any security is better than none at all.... one of the
reasons to prevent things like passwd and admin from being in
checkoutlist is to stop people with only read access to CVSROOT gaining
enough information to compromise the repository (by knowing who the
administrator accounts are, for example, or in extreme cases, the
contents of the passwd file). It also stops new admins making basic
mistakes with checkoutlist.
Setting the NTFS permissions on admin, group and passwd so that nobody
can write to them except very special users would prevent this also. Of
course it'd also break 'cvs passwd' if you weren't one of those users...
a compromise of security over convenience that's up to the individual
admins.
In general once someone gets commit rights to CVSROOT it's game over for
repository security really (even if you have a chroot without libraries
there are ways to execute a statically linked file - however in that
case they wouldn't get any further access of course), which is why I
suggested locking it down so nobody could even read it.
>>If you set an ACL so that nobody but administrators can even checkout
>>CVSROOT then it'll still work and be safe - the server itself accesses
>>the files directly so doesn't need read access via that mechanism.
>
>
> Are history and val-tags still exceptions to this
> (http://www.cvsnt.org/wiki/SetAcl)? Or are you suggesting a CVSNT ACL rather
> than an NTFS ACL here?
>
A CVSNT ACL is easier as you don't need any special filesystem
permissions. A future version of CVSNT will add such an ACL
automatically on cvs init.
Tony
More information about the cvsnt
mailing list