info-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVSROOT write permission vulnerability

From: Eric Siegerman
Subject: Re: CVSROOT write permission vulnerability
Date: Wed, 22 Jan 2003 12:08:47 -0500
User-agent: Mutt/1.2.5i 
On Wed, Jan 22, 2003 at 03:55:15PM +0100, Fabian Cenedese wrote:
> >I'm starting to wonder if removing :local: mode might not be a bad
> >thing.

That's a bit extreme, IMO.  At most it could be disabled by
default, with an option to enable it (either a configure option,
or in CVSROOT/config, or both).  Not a flat-out prohibition, but
people would have to work a bit to find it.

> The only thing you could possibly imagine is to
> disable local mode on network mapped drives.

That'd be nice.  Rather a challenge to implement though -- how
*does* one tell, portably and from application code, whether a
given directory is locally or remotely mounted?

> But while working
> on my local drive I don't want to mess with any server stuff.

Indeed!  I might not even have any "server stuff" set up yet by
the time I want to start using CVS.

--

|  | /\
|-_|/  >   Eric Siegerman, Toronto, Ont.        address@hidden
|  |  /
Just Say No to the "faceless cannonfodder" stereotype.
        - http://www.ainurin.net/ (an Orc site)
reply via email to
[Prev in Thread] Current Thread [Next in Thread]