[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: what's to stop a developer from nuking the repository?

From: WJCarpenter
Subject: Re: what's to stop a developer from nuking the repository?
Date: Wed, 21 Jan 2004 13:12:05 -0800

gaw> CVS is not a security application, was not designed as a security
gaw> application, and despite recent hackish patches is not
gaw> implemented as a security application.  CVS does not provide the
gaw> same level of authentication, and not even remotely the same
gaw> level of authorization control, as RSH does.  It is entirely
gaw> trivial for pserver users to forge their identity.

So, since it's unreliable to read between the lines to try to figure
out what you're saying, is it that there are bugs in the canonical CVS
*implementation* that lead to these problems?  Is it by exploiting
design flaws or bugs in the CVS implementation that pserver users can
trivially forge identities, or do you mean more traditional and
pervasive things like packet sniffing or snagging a peek at someone's
.cvspass file?
address@hidden (WJCarpenter)    PGP 0x91865119
38 95 1B 69 C9 C6 3D 25    73 46 32 04 69 D6 ED F3

reply via email to

[Prev in Thread] Current Thread [Next in Thread]