From owner-freebsd-arch@FreeBSD.ORG Thu Mar 2 09:24:44 2006 Return-Path: X-Original-To: arch@freebsd.org Delivered-To: freebsd-arch@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BA9C216A422; Thu, 2 Mar 2006 09:24:44 +0000 (GMT) (envelope-from ceri@submonkey.net) Received: from shrike.submonkey.net (cpc2-cdif2-0-0-cust107.cdif.cable.ntl.com [81.104.168.108]) by mx1.FreeBSD.org (Postfix) with ESMTP id 97ABA43D46; Thu, 2 Mar 2006 09:24:43 +0000 (GMT) (envelope-from ceri@submonkey.net) Received: from ceri by shrike.submonkey.net with local (Exim 4.60 (FreeBSD)) (envelope-from ) id 1FEk37-000030-9g; Thu, 02 Mar 2006 09:24:41 +0000 Date: Thu, 2 Mar 2006 09:24:41 +0000 From: Ceri Davies To: Maxime Henrion Message-ID: <20060302092441.GC27069@submonkey.net> Mail-Followup-To: Ceri Davies , Maxime Henrion , Wesley Shields , arch@freebsd.org, current@freebsd.org, Lowell Gilbert , Kris Kennaway References: <20060301170306.GZ55746@elvis.mu.org> <4405F673.8060907@samsco.org> <44mzg9ucpm.fsf@be-well.ilk.org> <20060301211932.GA42815@csh.rit.edu> <20060301211708.GA30508@xor.obsecurity.org> <20060301233355.GA53937@csh.rit.edu> <20060301233905.GH55746@elvis.mu.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="phbq2bkSb+hZnunM" Content-Disposition: inline In-Reply-To: <20060301233905.GH55746@elvis.mu.org> X-PGP: finger ceri@FreeBSD.org User-Agent: Mutt/1.5.11 Sender: Ceri Davies Cc: arch@freebsd.org, Wesley Shields , current@freebsd.org, Lowell Gilbert , Kris Kennaway Subject: Re: HEADS UP: Importing csup into base X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Mar 2006 09:24:45 -0000 --phbq2bkSb+hZnunM Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Mar 02, 2006 at 12:39:05AM +0100, Maxime Henrion wrote: > Wesley Shields wrote: > > On Wed, Mar 01, 2006 at 04:17:08PM -0500, Kris Kennaway wrote: > > > On Wed, Mar 01, 2006 at 04:19:32PM -0500, Wesley Shields wrote: > > > > On Wed, Mar 01, 2006 at 03:33:41PM -0500, Lowell Gilbert wrote: > > > > > Scott Long writes: > > > > >=20 > > > > > > Maxime Henrion wrote: > > > > > > > Hey all, > > > > > > > I have released a new snapshot of csup a few minutes ago, > > > > > >=20 > > > > > > [...] > > > > > >=20 > > > > > > > - Executes (shell commands sent by the server, even more ra= rely > > > > > > > used), > > > > > >=20 > > > > > > Are you joking? > > > > >=20 > > > > > Are you asking whether he's joking about (1) the idea of ever > > > > > implementing it, (2) the fact that he hasn't done it yet, or=20 > > > > > (3) the idea that it's rarely used? All of those sound=20 > > > > > reasonable to me... > > > >=20 > > > > I'm questioning (1) myself. This just seems like a bad idea from a > > > > security perspective. Of course, some kind of sanitization could > > > > mitigate the issue. > > >=20 > > > Let's not lose sight of the fact that whoever runs the cvsup server > > > already owns your machine, since they're giving you unauthenticated > > > source code [1]. > >=20 > > You are right on this point. But on the scale of potentially bad things > > I think a rogue server sending commands that the client exectues is > > pretty close to a rogue server sending malicious source code. At least > > the source is easily verifiable and (in the case of the malicious source > > being inserted at the master site) has a good chance of being noticed. > >=20 > > It's not that I'm 100% against this idea, but rather that I'd like to > > see the client be cautious of the possibility of a rogue server. Of > > course, this could all be the plan and I'm just raising a non-issue. >=20 > Just to make things straight, executes are always off by default, and > need to be explicitely enabled by the user. This is how it has always > been in CVSup, and there is no reason for csup to change that when it > will support executes. That said, the mail I sent wasn't about whether > I should implement executes or not. They are just part of the "missing > features" list. Just be 100% clear, what Maxime is saying here is that CVSup already has this functionality, so this bikeshed is like 100 years too late. Ceri --=20 That must be wonderful! I don't understand it at all. -- Moliere --phbq2bkSb+hZnunM Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (FreeBSD) iD8DBQFEBrnYocfcwTS3JF8RAjXQAKCapkvmSk4jIv5gTDgTVlSILzV1zQCfcHXW NKg14Ve0r48S7D/zfS04aks= =AP/9 -----END PGP SIGNATURE----- --phbq2bkSb+hZnunM--