[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: New update to the CVS ACL patch to support user groups
|
From: |
Larry Jones |
|
Subject: |
Re: New update to the CVS ACL patch to support user groups |
|
Date: |
Wed, 25 Jul 2001 00:49:56 -0400 (EDT) |
Mike Castle writes:
>
> Run cvs as the user accessing the repository. Use server mode over rsh or
> ssh. Not as pserver.
Even if you run pserver, it only runs as root long enough to validate
the user's password then it switches to run as the user just like things
like telnetd, ftpd, rshd, and sshd do. Yes, there is a potential for an
error in the code allowing someone to circumvent security, but I fail to
understand why people worry so much about CVS when they don't even think
twice about rsh or ssh. Especially since, as far as I know, there has
*never* been a root exploit using CVS whereas there have been for all of
those others.
-Larry Jones
My life needs a rewind/erase button. -- Calvin
Re: New update to the CVS ACL patch to support user groups, minyard, 2001/07/25
RE: New update to the CVS ACL patch to support user groups, Ellison, Martin [IT], 2001/07/24