[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Zmailer CVS: LockDir=/var/lock/cvs in the config?

On Tue, Mar 04, 2003 at 09:18:32PM +0300, Eugene Crosser wrote:
> Matti,
> I am now setting up public access to the mirror of Zmailer CVS dir that
> is living on my site for quite a while, and I strongly wish to make
> repository unreadable for the anonymous "cvs" user.  For that, there
> needs to be a "config" file in the CVSROOT/ with the line
> See this page for instructions:
> http://www.thornleyware.com/scm/cvsconfig/readonly.html

I have actually a rsynced copy of data within a chroot subtree.
Every connection to my cvs server does at first run rsync copying,
chroot(2)s (+ chdir("/");), and then execs real pserver in there.

The wrapper I have is rather messy one from  Andrew Tridgell (Mr. Samba),
whose code I encountered at vger.kernel.org  years ago.

Tridge didn't trust cvs code not to contain ways to attack it
with e.g. stack overflow (like there was reported few weeks ago!),
so he did put the beast in chroot jail.

xinetd runs it with:

$ more /etc/xinetd.d/cvspserver 
# Converted by inetdconvert
service cvspserv
        socket_type             = stream
        protocol                = tcp
        wait                    = no
        user                    = root
        flags   =       NOLIBWRAP IPv6
        server                  = /home/anoncvs/bin/pserver
        disable                 = no

And that program (C) would in SHish script be something like:



# Running rsync as root to be able to overwrite in the copy

/usr/bin/rsync -a --delete --exclude-from $ACVSHOME/anoncvs.exclude \
	--exclude '*.lock'   $CVSROOT $ACVSROOT

## Now turn gid&uid to e.g. ftp/ftp ?
## and finally run CVS PSERVER under CHROOT(2).

exec chroot  $ACVSHOME  /bin/cvs -b/bin -l -z5 --allow-root $FAKECVSROOT pserver

Doing a  perl  overcoat with finely controlled  chroot()+chdir()
should be simple -- oh yes, some operating systems do (in error, IMO)
demand that  chroot(2)   caller is root.    In such systems perl
(and C) allow you to do  chroot()+chdir()  at first, and then
to do gid/uid change.

> (one extra mirror won't hurt anyone, especially if it's on a different
> continent, right?)
> Eugene

/Matti Aarnio	<mea@nic.funet.fi>
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi