security, cvs, was Re: interface bindings of x-server

[Keith Packard]

Around 8 o'clock on Nov 19, Keith Whitwell wrote:

> Is it foolhardy to continue running anoncvs, especially without the checks & 
> balances which caught the backdoor attempt in linux?

The pserver running on fd.o has been specially hacked to run as 'nobody' 
from the very start, unlike most pserver implementations which run as root 
and setuid to the user specified in the CVS password file.  I think this 
should make it rather difficult to affect any of the repositories on fd.o 
unless files in those directories are world writable.

But, if we want to be extra paranoid, the right solution is to have 
anoncvs use a separate mirror machine rsynced from the main repository.  
I'd like to avoid that as it makes anoncvs 'second class' which seems like 
it will encourage more people to ask for project membership that they 
otherwise don't really need just to avoid the anoncvs delay.

Of course, an even better solution would be to throw CVS in the garbage 
and use some more robust configuration management system.  Sigh.

-keith