Forum OpenACS Q&A: Re: RFC: adding :ext: access option to OpenACS CVS

Collapse
Posted by Jeff Davis on
Andrei, can you get a tarball of a chroot tree for this or the source for the restricted shells they use? In particular, savanah uses "/usr/local/bin/cvs-chroot-proxy.pl" (based on bug reports I saw) which I can't find in a checkout of the savanah source.
Collapse
Posted by Mark Aufflick on
Hmm - if cvshome.org can be hacked via the pserver exploit (see https://www.cvshome.org/ & http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396 )
then I guess we should be worried!

i really dislike having to enter passwords all the time and pserver is good for this.

Maybe the answer is one of the restricted cvs anon shells, and publish a private key for that user so that no logging in is required.

For commit enabled people (not me since the crash ... hint hint), I suggest that we design a two tier user system - give commit people a cvs login user with a restricted shell so they can only do cvs. That way they can store a key to avoid logging in with a password with less security implications.

Then a smaller set of those people who need ssh access to the box have a seperate user that gives them that access for which they are prevented from using a key to login with.

I can't imagine that a high percentage of committers really need ssh access to the box.

We really shouldn't ignore this.

Or we could switch to subversion, but i'm not really a fan of doing this as documented elsewhere.