| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Git cvsserver serious issue |
| Date: | 2010-09-22 14:26:59 |
| Message-ID: | AANLkTikZkGvU4KQhmq6Q5ogs7ZLxnDwT0oC1-XKCPEgT@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | buildfarm-members pgsql-hackers |
On Wed, Sep 22, 2010 at 16:23, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> Any user can point their cvs client at the repository. And check out
>> an arbitrary branch, tag *or individual commit*. Doing so will create
>> a 50Mb sqlite database on the server with cache information about that
>> head.
>
>> That basically means that git-cvsserver is completely useless in a
>> public scenario as it stands. An easier way to DOS our server is hard
>> to find, really.
>
> Ugh.
Indeed.
>> Now, if we can limit this by IP address, that would be ok. I assume we
>> can do this for the NLS stuff - peter?
>
>> As for buildfarm members needing CVS - is it workable to require that
>> the maintainers of these set up their own git clone with git cvsserver
>> (over ssh or pserver) and restrict it locally to the IP(s) of their
>> machines?
>
> If we're going to let people in by IP address, maybe we could let legacy
> buildfarm members in by IP address. It doesn't seem particularly
> helpful to expect each buildfarm owner to solve this problem for
> themselves. I'd also note that if they could run git locally, they
> wouldn't be needing cvsserver in the first place.
We could. It's currently on a freebsd vm though and I don't think we
can set per-server IP filters on those. (I was thinking iptables). We
could move it though - it doesn't *have* to be on the anonymous git
VM. It's just some extra resources.
Well, the use-case I was thinking of was Stefan. While he can't run
git on each and every animal, he certainly has *some* machine(s) on
the correct side of whatever firewall there may be that can run git.
> Also, couldn't we just set up the cvsserver on its own VM with a limited
> amount of disk space, and not worry too much about any "DOS threat"?
> If somebody does do this, block them and reinitialize that server.
We could do that, but that could end up fighting a losing battle in
case some bot hits it.
I don't like deploying something with a known issue on it, sandboxed or not.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2010-09-22 14:33:39 | Re: Git cvsserver serious issue |
| Previous Message | Tom Lane | 2010-09-22 14:23:35 | Re: Git cvsserver serious issue |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2010-09-22 14:30:45 | Re: knngist patch preliminary review (2010-09 commitfest) |
| Previous Message | Tom Lane | 2010-09-22 14:23:35 | Re: Git cvsserver serious issue |