Re: Git cvsserver serious issue

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Git cvsserver serious issue
Date: 2010-09-22 14:23:35
Message-ID: 24655.1285165415@sss.pgh.pa.us
Lists: buildfarm-members pgsql-hackers

Magnus Hagander <magnus(at)hagander(dot)net> writes:
> Any user can point their cvs client at the repository. And check out
> an arbitrary branch, tag *or individual commit*. Doing so will create
> a 50Mb sqlite database on the server with cache information about that
> head.

> That basically means that git-cvsserver is completely useless in a
> public scenario as it stands. An easier way to DOS our server is hard
> to find, really.

Ugh.

> Now, if we can limit this by IP address, that would be ok. I assume we
> can do this for the NLS stuff - peter?

> As for buildfarm members needing CVS - is it workable to require that
> the maintainers of these set up their own git clone with git cvsserver
> (over ssh or pserver) and restrict it locally to the IP(s) of their
> machines?

If we're going to let people in by IP address, maybe we could let legacy
buildfarm members in by IP address. It doesn't seem particularly
helpful to expect each buildfarm owner to solve this problem for
themselves. I'd also note that if they could run git locally, they
wouldn't be needing cvsserver in the first place.

Also, couldn't we just set up the cvsserver on its own VM with a limited
amount of disk space, and not worry too much about any "DOS threat"?
If somebody does do this, block them and reinitialize that server.

regards, tom lane
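The IP-based restriction discussed above can be done at the inetd layer rather than inside git-cvsserver itself, which has no access-control of its own. The following is an added example, not configuration from the PostgreSQL project or from the original thread: an xinetd service definition for the pserver method that only accepts connections from an allowlist, caps connections per source address, and a matching git configuration that enables cvsserver for pserver only. The addresses, the repository path, and the service user are placeholders chosen for illustration.

```conf
# /etc/xinetd.d/cvspserver  (added example; addresses and paths are assumptions)
service cvspserver
{
    disable      = no
    socket_type  = stream
    protocol     = tcp
    wait         = no
    user         = gitcvs
    server       = /usr/bin/git
    server_args  = cvsserver pserver

    # Only the legacy buildfarm members' addresses may connect.
    # Everyone else is refused before git-cvsserver ever runs,
    # so no per-head sqlite cache can be created by them.
    only_from    = 192.0.2.10 192.0.2.11 198.51.100.0/24

    # Limit how many simultaneous sessions one address (and the
    # service as a whole) may open, so an allowed host that misbehaves
    # cannot spawn an unbounded number of cache-building processes.
    per_source   = 2
    instances    = 10

    log_on_failure += USERID HOST
}

# In the served repository (run as the service user):
#   git config gitcvs.pserver.enabled true
#   git config gitcvs.pserver.logfile /var/log/gitcvs/pserver.log
# Enabling only the pserver method keeps the ext (ssh) method
# disabled unless a shell account is deliberately given access.
```

The `only_from`, `per_source` and `instances` attributes are standard xinetd options; `gitcvs.<method>.enabled` and `gitcvs.<method>.logfile` are documented git-cvsserver settings. Placing the service on its own host with a small disk, as suggested in the message, complements this: the allowlist limits who can trigger cache creation, and the separate disk bounds the damage if one of them does.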
