Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 2 Mar 2006 09:24:41 +0000
From:      Ceri Davies <ceri@submonkey.net>
To:        Maxime Henrion <mux@FreeBSD.org>
Cc:        arch@freebsd.org, Wesley Shields <wxs@csh.rit.edu>, current@freebsd.org, Lowell Gilbert <freebsd-current-local@be-well.ilk.org>, Kris Kennaway <kris@obsecurity.org>
Subject:   Re: HEADS UP: Importing csup into base
Message-ID:  <20060302092441.GC27069@submonkey.net>
In-Reply-To: <20060301233905.GH55746@elvis.mu.org>
References:  <20060301170306.GZ55746@elvis.mu.org> <4405F673.8060907@samsco.org> <44mzg9ucpm.fsf@be-well.ilk.org> <20060301211932.GA42815@csh.rit.edu> <20060301211708.GA30508@xor.obsecurity.org> <20060301233355.GA53937@csh.rit.edu> <20060301233905.GH55746@elvis.mu.org>

next in thread | previous in thread | raw e-mail | index | archive | help

--phbq2bkSb+hZnunM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Mar 02, 2006 at 12:39:05AM +0100, Maxime Henrion wrote:
> Wesley Shields wrote:
> > On Wed, Mar 01, 2006 at 04:17:08PM -0500, Kris Kennaway wrote:
> > > On Wed, Mar 01, 2006 at 04:19:32PM -0500, Wesley Shields wrote:
> > > > On Wed, Mar 01, 2006 at 03:33:41PM -0500, Lowell Gilbert wrote:
> > > > > Scott Long <scottl@samsco.org> writes:
> > > > >=20
> > > > > > Maxime Henrion wrote:
> > > > > > > 	Hey all,
> > > > > > > I have released a new snapshot of csup a few minutes ago,
> > > > > >=20
> > > > > > [...]
> > > > > >=20
> > > > > > >   - Executes (shell commands sent by the server, even more ra=
rely
> > > > > > > used),
> > > > > >=20
> > > > > > Are you joking?
> > > > >=20
> > > > > Are you asking whether he's joking about (1) the idea of ever
> > > > > implementing it, (2) the fact that he hasn't done it yet, or=20
> > > > > (3) the idea that it's rarely used?  All of those sound=20
> > > > > reasonable to me...
> > > >=20
> > > > I'm questioning (1) myself.  This just seems like a bad idea from a
> > > > security perspective.  Of course, some kind of sanitization could
> > > > mitigate the issue.
> > >=20
> > > Let's not lose sight of the fact that whoever runs the cvsup server
> > > already owns your machine, since they're giving you unauthenticated
> > > source code [1].
> >=20
> > You are right on this point.  But on the scale of potentially bad things
> > I think a rogue server sending commands that the client exectues is
> > pretty close to a rogue server sending malicious source code.  At least
> > the source is easily verifiable and (in the case of the malicious source
> > being inserted at the master site) has a good chance of being noticed.
> >=20
> > It's not that I'm 100% against this idea, but rather that I'd like to
> > see the client be cautious of the possibility of a rogue server.  Of
> > course, this could all be the plan and I'm just raising a non-issue.
>=20
> Just to make things straight, executes are always off by default, and
> need to be explicitely enabled by the user.  This is how it has always
> been in CVSup, and there is no reason for csup to change that when it
> will support executes.  That said, the mail I sent wasn't about whether
> I should implement executes or not.  They are just part of the "missing
> features" list.

Just be 100% clear, what Maxime is saying here is that CVSup already has
this functionality, so this bikeshed is like 100 years too late.

Ceri
--=20
That must be wonderful!  I don't understand it at all.
                                                  -- Moliere

--phbq2bkSb+hZnunM
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (FreeBSD)

iD8DBQFEBrnYocfcwTS3JF8RAjXQAKCapkvmSk4jIv5gTDgTVlSILzV1zQCfcHXW
NKg14Ve0r48S7D/zfS04aks=
=AP/9
-----END PGP SIGNATURE-----

--phbq2bkSb+hZnunM--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060302092441.GC27069>