Date: Thu, 2 Mar 2006 09:24:41 +0000 From: Ceri Davies <ceri@submonkey.net> To: Maxime Henrion <mux@FreeBSD.org> Cc: arch@freebsd.org, Wesley Shields <wxs@csh.rit.edu>, current@freebsd.org, Lowell Gilbert <freebsd-current-local@be-well.ilk.org>, Kris Kennaway <kris@obsecurity.org> Subject: Re: HEADS UP: Importing csup into base Message-ID: <20060302092441.GC27069@submonkey.net> In-Reply-To: <20060301233905.GH55746@elvis.mu.org> References: <20060301170306.GZ55746@elvis.mu.org> <4405F673.8060907@samsco.org> <44mzg9ucpm.fsf@be-well.ilk.org> <20060301211932.GA42815@csh.rit.edu> <20060301211708.GA30508@xor.obsecurity.org> <20060301233355.GA53937@csh.rit.edu> <20060301233905.GH55746@elvis.mu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--phbq2bkSb+hZnunM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Mar 02, 2006 at 12:39:05AM +0100, Maxime Henrion wrote:
> Wesley Shields wrote:
> > On Wed, Mar 01, 2006 at 04:17:08PM -0500, Kris Kennaway wrote:
> > > On Wed, Mar 01, 2006 at 04:19:32PM -0500, Wesley Shields wrote:
> > > > On Wed, Mar 01, 2006 at 03:33:41PM -0500, Lowell Gilbert wrote:
> > > > > Scott Long <scottl@samsco.org> writes:
> > > > >=20
> > > > > > Maxime Henrion wrote:
> > > > > > > Hey all,
> > > > > > > I have released a new snapshot of csup a few minutes ago,
> > > > > >=20
> > > > > > [...]
> > > > > >=20
> > > > > > > - Executes (shell commands sent by the server, even more ra=
rely
> > > > > > > used),
> > > > > >=20
> > > > > > Are you joking?
> > > > >=20
> > > > > Are you asking whether he's joking about (1) the idea of ever
> > > > > implementing it, (2) the fact that he hasn't done it yet, or=20
> > > > > (3) the idea that it's rarely used? All of those sound=20
> > > > > reasonable to me...
> > > >=20
> > > > I'm questioning (1) myself. This just seems like a bad idea from a
> > > > security perspective. Of course, some kind of sanitization could
> > > > mitigate the issue.
> > >=20
> > > Let's not lose sight of the fact that whoever runs the cvsup server
> > > already owns your machine, since they're giving you unauthenticated
> > > source code [1].
> >=20
> > You are right on this point. But on the scale of potentially bad things
> > I think a rogue server sending commands that the client exectues is
> > pretty close to a rogue server sending malicious source code. At least
> > the source is easily verifiable and (in the case of the malicious source
> > being inserted at the master site) has a good chance of being noticed.
> >=20
> > It's not that I'm 100% against this idea, but rather that I'd like to
> > see the client be cautious of the possibility of a rogue server. Of
> > course, this could all be the plan and I'm just raising a non-issue.
>=20
> Just to make things straight, executes are always off by default, and
> need to be explicitely enabled by the user. This is how it has always
> been in CVSup, and there is no reason for csup to change that when it
> will support executes. That said, the mail I sent wasn't about whether
> I should implement executes or not. They are just part of the "missing
> features" list.
Just be 100% clear, what Maxime is saying here is that CVSup already has
this functionality, so this bikeshed is like 100 years too late.
Ceri
--=20
That must be wonderful! I don't understand it at all.
-- Moliere
--phbq2bkSb+hZnunM
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (FreeBSD)
iD8DBQFEBrnYocfcwTS3JF8RAjXQAKCapkvmSk4jIv5gTDgTVlSILzV1zQCfcHXW
NKg14Ve0r48S7D/zfS04aks=
=AP/9
-----END PGP SIGNATURE-----
--phbq2bkSb+hZnunM--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060302092441.GC27069>