Re: pserver without root access

[Larry Jones]

Tom Nott writes:
> 
> I'd like to run a pserver on a box on which I don't have root access.
> All the docmentation I've seen seems to imply root is needed.
> 
> Is what I want to do possible?

Certainly.  You can run inetd without being root, you'll just have to
use an alternate configuration file; or you can use an inetd replacement
like tcpserver.

> Are there any security issues involved?

Yes, although they're not a serious (from a system standpoint) as when
you run as root.

> I know that cvs wont be able to setuid(), so it will have to run under
> my UID. I'm a real newbie to CVS and need to know just how much of the
> system can be accesed under my UID with CVS. Is it impossible for others
> to access anything above $CVSROOT or run any programs under my UID?

There are some known exploits that allow listing directories outside
$CVSROOT, but I don't know of any way to read or write files outside of
$CVSROOT.  If you have modules that run module programs (or allow people
to define modules), it is possible for someone to run an arbitrary
program under your UID.

-Larry Jones

Like I'm going to get any sleep NOW. -- Calvin