bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Suppressing log suppression (down with the -l switch)


From: Derek Robert Price
Subject: Re: Suppressing log suppression (down with the -l switch)
Date: Fri, 30 May 2003 09:05:39 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02

Paul Edwards wrote:

"Derek Robert Price" <derek@ximbiot.com> wrote in message 
news:mailman.7021.1054234818.21513.bug-cvs@gnu.org...
Done.  Any opinions on whether I should back-port that to 1.11.x?  I
think I could look at this as a security fix and I don't think the
change was invasive enough to affect stability, but I'm not too worried
about it.

Yes, I think 1.11.x should have integrity if reasonably possible.


Okay.  Two yeas, no nays.  Should be checked in in a few seconds.

Suitable for use by a company that can "absolutely guarantee"
that they know exactly what happened to their source code at
every step of the way, not subject to the whim of cowboys.

Unless there is already a plethora of integrity holes in CVS so
there's really no point?


Well, yes and no. A knowledgable sysadmin can nail down the permissions & access pretty tight if they want, but out-of-the-box pserver is pretty vunlnerable to a malicious attack.

 But I'm not aware of any myself (not
that I've looked).  I can remember a very long time ago I used
to have to disable the admin command to stop people from
being able to do things like remove revisions.  I don't know if
use of that command is now able to be restricted.


If a cvsadmin group exists on the server, only users who are members of the group may run `cvs admin' commands, with the exception of -k in 1.11.x and with the exception of any commands specified by UserAdminCommands= in the CVSROOT/config file in 1.12.x.

Where I'm working at the moment, I'm a programmer, not CM,
so I don't have to worry about security risks, the entire
repository can be wiped out by my colleagues any time they
want.


Well, that's what tape backups are for. Even friendly colleagues have been known to call `dirname` on a path in a script one too many times before running `rm -rf $path` as root.

 I'm nominally supposed to be using PVCS.  Basically
I use CVS as a precursor to using PVCS, and no-one has
sacked me for doing so.  Yet.  :-)

Well, good to hear it and good luck.  :)

Derek

--
               *8^)

Email: derek@ximbiot.com

Get CVS support at <http://ximbiot.com>!
--
There are plenty of businesses like show business.
There are plenty of businesses like show business.
There are plenty of businesses like show business...

         - Bart Simpson on chalkboard, _The Simpsons_







reply via email to

[Prev in Thread] Current Thread [Next in Thread]