cvs-repouid

Summary	CVS pserver repository user override
Current version	0.1
Downloads	cvs-repouid-0.1.ptc

CVS is a common source control system used by the majority of all free software projects. It provides remote access to repositories via its pserver system. Unfortunately pserver is not very secure:

Commit access to a repository is equivalent to giving shell access to the CVS server since it is trivial to add or modify scripts that are run automatically when the repository is accessed.
The CVSROOT/passwd file in a repository lists all the users who can access the repository, along with the name of the local unix account which pserver should use when accessing the repository. Everyone who can edit that file can combine this with the previously mentioned problem to gain access to all accounts on a system, including root.

To solve this I wrote the cvs-repouid patch which does two things: it allows the administrator to force usage of a specific account for a repository instead of the ones given in the CVSROOT/passwd file, and it prevents pserver from running as root. This gives the owner of the repository the freedom to modify accounts for his repository while preventing abuse.

This is administered through the new /etc/cvs-repouids file which has a very simple syntax: each line contains a repository path and a accountname, seperated by a colon (:). For example:

      /cvs/dpkg:wichert
      /cvs/pyrad:anon-pyrad

This forces the account wichert to be used when the dpkg repository is accessed and the anon-pyrad account when the pyrad repository is accessed.

Changes

0.1

First release