From: Jonathan Larmour <jifl@eCosCentric.com>
To: Gerald Pfeifer <gerald@pfeifer.com>
Cc: overseers@sourceware.org
Subject: Re: removing login rights from non-overseers
Date: Thu, 10 Jun 2004 22:11:00 -0000 [thread overview]
Message-ID: <40C8CF64.9060906@eCosCentric.com> (raw)
In-Reply-To: <Pine.BSF.4.58.0406102247340.60912@acrux.dbai.tuwien.ac.at>
Gerald Pfeifer wrote:
> On Thu, 10 Jun 2004, Jonathan Larmour wrote:
>
>><fx: butts in :-)>
>>
>>Perhaps a cron job that does something like:
>>
>>8 * * * * sh -c "sleep 15 ; cd cvs ; cvs -q up gccadmin.crontab ; crontab
>>gccadmin.crontab" &
>>
>>where the cvs directory contains a checkout where CVSROOT was set to /cvs/gcc
>
>
> If you do it fully automatically, anyone with CVS write access can
> obtain gccadmin shell access on sourceware
Shrug... anything that involves having a gccadmin crontab which some people
can edit, means those people have sort of shell access.
But you're right, it would help if there was CVSROOT=/cvs/gccadmin and
suitably responsible people in a gccadmin group then :-). Or even
CVSROOT=/home/gccadmin/cvsroot with people in the gccadmin group and
appropriate perms. With the power of security through obscurity[1] it's
unlikely a hacker would realise the gccadmin crontab is a way to run commands.
Sudo is a lot simpler but does mean many people still retain complete and
interactive shell access. But it's true that either way a Bad Person can
work out how to run arbitrary commands. The only way to stop that is with
restricted shells/interpreters which is a slog. Although an alternative
which may be helpful enough is if a chrooted environment for the gccadmin
account was set up.
> (and it might interfere
> if someone, like me, is currently working on some snapshot-related
> changes).
CVS resolves conflicts better than a free-for-all.
Jifl
[1] Why does no-one ever complain that passwords are merely security
through obscurity?
--
eCosCentric http://www.eCosCentric.com/ The eCos and RedBoot experts
--["No sense being pessimistic, it wouldn't work anyway"]-- Opinions==mine
next prev parent reply other threads:[~2004-06-10 21:15 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-06-09 12:32 Christopher Faylor
2004-06-09 12:38 ` Jonathan Larmour
2004-06-09 12:43 ` Christopher Faylor
2004-06-10 20:43 ` Gerald Pfeifer
2004-06-10 20:46 ` Ian Lance Taylor
2004-06-10 20:52 ` Christopher Faylor
2004-06-10 20:59 ` Ian Lance Taylor
2004-06-10 22:05 ` Christopher Faylor
2004-06-18 13:40 ` Gerald Pfeifer
2004-06-22 7:29 ` Christopher Faylor
2004-07-04 21:52 ` Gerald Pfeifer
2004-07-04 22:22 ` Christopher Faylor
2004-06-10 21:15 ` Jonathan Larmour
2004-06-10 21:29 ` Gerald Pfeifer
2004-06-10 22:11 ` Jonathan Larmour [this message]
2004-06-10 22:23 ` Ian Lance Taylor
2004-06-10 22:25 ` Christopher Faylor
2004-06-11 0:59 ` Joseph S. Myers
2004-06-10 22:25 ` Angela Marie Thomas
2004-06-11 1:00 ` Christopher Faylor
2004-06-11 1:32 ` Ian Lance Taylor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=40C8CF64.9060906@eCosCentric.com \
--to=jifl@ecoscentric.com \
--cc=gerald@pfeifer.com \
--cc=overseers@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).