bug-cvs

Re: history and val-tags locks.


From: Derek Price
Subject: Re: history and val-tags locks.
Date: Wed, 27 Apr 2005 17:58:56 -0400
User-agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)


Mark D. Baushke wrote:

> >An associated change I was putting off talking about was adding a
> >global `-c <config_file>' option to cause CVS to look elsewhere for
> >its configuration file.
>
> I worry about the security implications of this one. I don't believe it
> can be allowed for anything other than :pserver: mode where the
> administrator takes care of arguments to the cvs executable directly.
>
> If the user may provide a config file that specifies the commitinfo
> triggers to use, it could subvert the intention of the repository
> administrator. The administrator could get the same effect by putting a
> symbolic link into CVSROOT for the config file... of course, it would be
> well to ensure that rebuilding the repository database would not destroy
> that link.


I see your point.  What about `cvs server'?  I can see both setups being
useful...  an admin who allowed users access to the CVS repository would
probably prefer not to allow the config file to be specified whereas an
admin who restricted the command that SSH users could run to a particular
shell script that provided the -c option wouldn't mind...  perhaps it
should be a compile time option, with the default to disallow it.

Regards,

Derek