This area is an archive and is no longer actively maintained. Information found on this page is likely to be extremely out of date and therefore highly inaccurate. We recommend the Ximbiot - CVS Wiki for up-to-date information about CVS and its associated tools.

If you do find anything useful on this page that is not yet in the Ximbiot - CVS Wiki and you have the time, please add it!

CVS Security


Some aspects of CVS security are discussed in the Cederqvist manual. For more information on getting this manual, see our Cederqvist manual page. The information is somewhat scattered about; looking in the index for Security is a good place to start.

CVS security announcements:

We expect to update this page with future CVS security announcements as they are made.

There are several ways to make a CVS connection across a network, while providing a high level of resistance to security attacks such as eavesdropping on the network:

  • CVS can make its connection across any program which behaves like the rsh (remote shell) program. For example, one can use the rsh replacements supplied with Kerberos or SSH. For details, look up :ext: in the index of the Cederqvist manual.
  • CVS can use SSH's port forwarding feature. To do this, connect using CVS's pserver protocol, because pserver needs only a single network connection; the traditional (port 514) version of rsh, by contrast, opens multiple connections, which SSH's port forwarding cannot carry.
  • The CVS 1.10 source distribution contains a kerberized version of CVS for use with Kerberos version 4 or the GSS-API interface used by Kerberos version 5.

People often ask how to access CVS through a firewall. The details depend on what sort of firewall and security policies you have. Typically, you will supply an rsh replacement which makes the connection; here is an example script for the situation in which one can connect with multiple rsh invocations.
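The following shell script is an added example, not part of the original page and not CVS's own code. It ties the connection methods listed above and the firewall case together: a classifier that tells an administrator whether a given CVSROOT setting actually gets the protection described (plain rsh and unforwarded pserver do not), the ssh command that provides the single forwarded connection pserver needs, and the body of a CVS_RSH wrapper for a network where the CVS host is reachable only through a gateway. The host names, user names, port numbers and repository paths are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original page: classify a CVSROOT setting by
# the network protection it gets, and build the ssh command lines for the
# :ext: and port-forwarded pserver setups.  Hosts, users and paths below are
# constructed placeholders.

# classify_cvsroot CVSROOT [RSH_PROGRAM]
# Prints one of: local, ext-ssh, ext-rsh, pserver-tunnel, pserver-plain, unknown.
# RSH_PROGRAM defaults to $CVS_RSH, and CVS itself defaults that to plain rsh.
classify_cvsroot() {
    root=$1
    rsh=${2:-${CVS_RSH:-rsh}}
    case $root in
        :local:*|/*) echo local ;;
        :ext:*)
            # :ext: is only as strong as the rsh replacement it runs
            case $rsh in
                *ssh*) echo ext-ssh ;;
                *)     echo ext-rsh ;;
            esac ;;
        :pserver:*)
            # :pserver:[user@]host[:port]/path -- keep just the host part
            hostport=${root#:pserver:}
            hostport=${hostport%%/*}
            hostport=${hostport#*@}
            host=${hostport%%:*}
            case $host in
                # reaches the server only through an "ssh -L" forward on this machine
                localhost|127.0.0.1) echo pserver-tunnel ;;
                # password and repository contents cross the network in the clear
                *) echo pserver-plain ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# pserver_tunnel_cmd SSH_HOST CVS_HOST [LOCAL_PORT]
# Forwards LOCAL_PORT on this machine to pserver's port 2401 on CVS_HOST by
# way of SSH_HOST.  CVS then uses :pserver:user@localhost:LOCAL_PORT/path and
# never opens a direct connection to CVS_HOST.
pserver_tunnel_cmd() {
    echo "ssh -N -L ${3:-2401}:$2:2401 $1"
}

# cvs_rsh_via_gateway GATEWAY ARGS...
# Command line for a CVS_RSH wrapper on a network where the CVS host can be
# reached only from GATEWAY.  CVS invokes "$CVS_RSH [-l user] host cvs server";
# every argument is passed on, single-quoted for the gateway's shell, to a
# second ssh started there.
cvs_rsh_via_gateway() {
    gateway=$1; shift
    inner=
    for arg in "$@"; do
        quoted=$(printf "%s" "$arg" | sed "s/'/'\\\\''/g")
        inner="$inner '$quoted'"
    done
    echo "ssh $gateway ssh$inner"
}

# Constructed settings a workstation might carry, with the verdict for each
for root in ':ext:alice@cvs.example.org:/repo' \
            ':pserver:alice@cvs.example.org:/repo' \
            ':pserver:alice@localhost:2401/repo'; do
    echo "$root -> $(classify_cvsroot "$root" ssh)"
done
echo "$(pserver_tunnel_cmd bastion.example.org cvs.example.org)"
echo "$(cvs_rsh_via_gateway bastion.example.org -l alice cvs.example.org cvs server)"
```

The classifier treats a pserver CVSROOT pointing at localhost as tunnelled because that is the only way such a setting works; it cannot see whether the ssh forward is actually running, so it is a configuration audit, not a proof that traffic is encrypted.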

There are a large variety of network security schemes and setups out there. If terms like SASL, SOCKS and the like mean anything to you, and you want to know whether anyone is working on supporting them for CVS, see the Development of CVS: Networking page.

Now, as for controlling access once users have made it past the network, CVS features like the "cvsadmin" group and the commitinfo administrative file may help somewhat (see the Cederqvist for information on those, or our access control page). In particular, take a look at what that page has to say about exactly what kinds of protection each feature provides (or does not provide).
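As an added example (not from the original page, and not CVS's own code), here is the server side of a commitinfo-based check. The commitinfo format is CVS's own: one "regex program" line per rule, matched against the repository directory, with DEFAULT as the fallback and ALL run in addition. The allow-list files under CVSROOT, the program paths and the sample lines are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original page or from CVS: resolving which
# commitinfo rule applies to a directory, and an allow-list check that rule
# can point at.  File names and program paths are assumptions.

# commitinfo_program COMMITINFO DIRECTORY
# Prints the program CVS would run for a commit into DIRECTORY: the first
# line whose regex matches, else the DEFAULT line.  ALL lines are skipped
# here because they run in addition to, not instead of, the matched line.
commitinfo_program() {
    file=$1 dir=$2 default=
    while read -r regex prog _; do
        case $regex in ''|'#'*) continue ;; esac
        if [ "$regex" = DEFAULT ]; then default=$prog; continue; fi
        if [ "$regex" = ALL ]; then continue; fi
        if printf '%s\n' "$dir" | grep -Eq -- "$regex"; then
            echo "$prog"
            return 0
        fi
    done < "$file"
    echo "$default"
    return 0
}

# allow_commit ALLOWFILE USER REPODIR [FILES...]
# The check a commitinfo line runs.  CVS passes the repository directory and
# the files being committed; USER is the account the server runs as, which
# is the committer under :ext: and the mapped system user under pserver.
# A non-zero exit makes CVS reject the commit.
allow_commit() {
    allow=$1 user=$2 repo=$3; shift 3
    # whole-line, fixed-string match so "bob" does not authorise "bobby"
    if grep -qxF -- "$user" "$allow" 2>/dev/null; then
        return 0
    fi
    echo "commitinfo: $user may not commit to $repo: $*" >&2
    return 1
}

# Constructed CVSROOT/commitinfo lines that use the check above.  Only the
# names in CVSROOT/admins may change the administrative files themselves:
#   ^CVSROOT   /usr/local/libexec/cvs-allow /var/cvs/CVSROOT/admins
#   DEFAULT    /usr/local/libexec/cvs-allow /var/cvs/CVSROOT/committers
# where cvs-allow is a script containing:
#   allow=$1; shift; allow_commit "$allow" "$(id -un)" "$@"

if [ "${1:-}" = demo ]; then
    ci=$(mktemp)
    printf '%s\n' '^CVSROOT   /usr/local/libexec/admins-only' \
                  'DEFAULT    /usr/local/libexec/committers-only' > "$ci"
    echo "CVSROOT/config -> $(commitinfo_program "$ci" CVSROOT)"
    echo "project/src    -> $(commitinfo_program "$ci" project/src)"
    rm -f "$ci"
fi
```

The check controls what the CVS server will accept through CVS; a committer who also has a shell on the server, or whose write access lets them alter the CVSROOT files that install this hook, is outside its reach, which is the limitation the access control page is about.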

Non-CVS-specific computer security information

Kerberos allows networked applications to obtain a high level of resistance to security attacks such as eavesdropping on the network. It is the leading freely redistributable package of this kind.

SSL is a library that offers similar levels of security (but it is only a library, not a full package like Kerberos or SSH).

If you are responsible for the security of web servers, one useful reference is the book Web Security: A Step-by-Step Reference Guide by Lincoln Stein. If you are looking for an online resource, see the World Wide Web Security FAQ by the same author.

Most operating system vendors have sites containing security alerts for the packages included in their system: OpenBSD, FreeBSD, NetBSD, Debian, RedHat.

The CERT Coordination Center writes and publishes security alerts, especially for unix.

Other information on CVS security

Whether this is best for you depends on your own security policies and preferences, but one popular technique is to run the CVS server in a chroot'd environment. For details see the pages from OpenBSD, Samba, Chris Black, or unixtools.org.

If you are running pserver, there are a variety of tools for manipulating the encrypted passwords in CVSROOT/passwd; cvspwd from GlassFish is one of them.
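Beyond generating entries, the file is worth auditing. The script below is an added example, not from the original page and not one of the tools it mentions: it reads a CVSROOT/passwd file in CVS's "cvs_user:encrypted_password[:system_user]" format and reports entries whose password field is empty (such a user logs in without a password), whose password field is not a crypt(3) hash, or which run the server as root. The sample file it writes is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original page: an audit of CVSROOT/passwd.
# Each line is "cvs_user:encrypted_password[:system_user]"; an empty password
# field lets that user in without a password, and a missing system_user makes
# CVS run as the system account of the same name.

# audit_cvs_passwd FILE
# Prints one "user: reason" line per finding on stdout.
# Returns 0 when nothing was found, 1 otherwise.
audit_cvs_passwd() {
    findings=0
    while IFS=: read -r user hash sysuser; do
        case $user in ''|'#'*) continue ;; esac
        if [ -z "$hash" ]; then
            echo "$user: empty password field, logs in without a password"
            findings=1
        elif ! printf '%s\n' "$hash" | grep -Eq '^([./0-9A-Za-z]{13}|\$[^$]+\$.+)$'; then
            # traditional crypt(3) output is 13 characters; the $id$... forms
            # are what a modular crypt(3) returns on newer systems
            echo "$user: password field is not a crypt(3) hash"
            findings=1
        fi
        if [ "${sysuser:-$user}" = root ]; then
            echo "$user: runs as the root system account"
            findings=1
        fi
    done < "$1"
    return $findings
}

# write_sample_passwd PATH
# Constructed sample, not a real password file: one clean entry, one
# passwordless entry, one entry holding a non-hash, one mapped to root.
write_sample_passwd() {
    printf '%s\n' \
        '# constructed sample, not a real password file' \
        'alice:abJnggxhB/yWI:cvs' \
        'anonymous::anoncvs' \
        'builder:plaintext-not-a-hash' \
        'ops:abJnggxhB/yWI:root' > "$1"
}

if [ "${1:-}" = demo ]; then
    f=$(mktemp)
    write_sample_passwd "$f"
    audit_cvs_passwd "$f" || echo "findings present, review $f before relying on pserver"
    rm -f "$f"
fi
```

Run it as "sh audit.sh demo" to see the three findings from the sample, or call audit_cvs_passwd on the real file from cron; a non-zero exit is the signal to act on.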

Tim TimeWaster's page about how to set up CVS via SSH, and give people access to CVS and not login access on the machine (note: this is subject to the usual disclaimers about how giving people read/write access to CVS does allow them to circumvent any measures designed to prevent them from executing arbitrary commands on the server).


Derek Price, CVS developer and technical editor of Essential CVS (Essentials line from O'Reilly Press), and others offer consulting services and training through Ximbiot.