bug-cvs

Re: "cvs server" accepts but ignored --allow-root


From: Derek Robert Price
Subject: Re: "cvs server" accepts but ignored --allow-root
Date: Fri, 22 Nov 2002 08:15:58 -0500
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0

Tim Riker wrote:

Not sure how to do a test for this. src/sanity.sh does one rsh test, but I don't think you can alter the command it runs on the other end? I believe it does "cvs server" and I need it to do "cvs server --allow-root ${CVSROOT_DIRNAME}" which should work. Anything else like "cvs server --allow-root ${CVSROOT_DIRNAME}/foo" should get an error when the client tries to choose a different path.

The current state is that "cvs server --allow-root ${CVSROOT_DIRNAME}/foo" _will_ allow setting the dirname to anything and will completely ignore the --allow-root without a warning or error message.

CVS_SERVER cannot contain arguments, correct? I suppose you could create a script like:

#!/bin/bash
# "$@" passes the client's arguments through with their quoting intact
exec cvs --allow-root /path/from/cvsroot_dirname "$@"

and then put the scriptname in CVS_SERVER?

Testing over rsh should work, but is kind of silly. I suppose an admin might provide a cvs wrapper as above and hide the real cvs binary. This really is used with ssh authorized_keys as explained in the original message.


Testing over RSH should be fine - CVS_SERVER can be set on the client end and CVS will use the same code whether executed by SSH or RSH. No security restrictions are necessary in the test scripts - you know what you told it to run - the test isn't like a user who might try and change it.

You might also try running something akin to the pserver, server, and server2 tests - those exec `cvs --allow-root=X pserver' and `cvs server' on the command line then feed fake protocol data in on stdin and read stdout to see if they are working properly. You could probably cut and paste a few of those tests even, as long as you added one that got the failure message. I think you need to test three cases - a working checkout without --allow-root specified, a working checkout with --allow-root specified, and a forbidden checkout with --allow-root specified.

Derek

--
               *8^)

Email: derek@ximbiot.com

Get CVS support at <http://ximbiot.com>!
--
HAMLET                  No, not I.
 I never gave you aught.
OPHELIA
 My honoured lord, you know right well you did,
 And with them words of so sweet breath composed
 As made the things more rich.  Their perfume lost,
 Take these again.  For to the noble mind
 Rich gifts wax poor when givers prove unkind.
 There, my lord.

    - Hamlet, Act III, Scene 1, Lines 96-102
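
The three cases listed in the message above, sketched as an added shell example that is not part of the original message or of src/sanity.sh. `model_server` is a hypothetical stand-in for the server side (it is not cvs; it models only a `Root` request followed by `noop`, and its error text is constructed), and setting `IGNORE_ALLOW_ROOT=1` makes it behave like the bug reported in this thread, so the third case fails.

```shell
#!/bin/sh
# Stand-in server (hypothetical, NOT cvs): reads requests on stdin, honours an
# optional --allow-root=DIR argument and answers the "noop" request with
# "ok" or "error ...". IGNORE_ALLOW_ROOT=1 reproduces the reported behaviour.
model_server() {
    allowed= pending=
    case "${1-}" in --allow-root=*) allowed=${1#--allow-root=} ;; esac
    while read -r req arg; do
        case $req in
        Root)
            if [ -n "$allowed" ] && [ "$arg" != "$allowed" ] \
               && [ -z "${IGNORE_ALLOW_ROOT-}" ]; then
                pending="root $arg not allowed"   # constructed message text
            fi ;;
        noop)
            if [ -n "$pending" ]; then echo "error  $pending"; else echo ok; fi
            return 0 ;;
        esac
    done
}

# Feed fake protocol data on stdin and compare the outcome with what we expect.
# $1 = expected outcome (ok|error), $2 = root the client asks for,
# remaining arguments = server arguments. /repo is a constructed sample path.
run_case() {
    want=$1 root=$2; shift 2
    reply=$(printf 'Root %s\nnoop\n' "$root" | model_server "$@")
    case "$reply" in ok) got=ok ;; error*) got=error ;; *) got=none ;; esac
    [ "$got" = "$want" ]
}

# The three cases: no --allow-root, matching --allow-root, forbidden root.
allow_root_suite() {
    rc=0
    run_case ok    /repo                        || { echo "FAIL: no --allow-root"; rc=1; }
    run_case ok    /repo     --allow-root=/repo || { echo "FAIL: allowed root refused"; rc=1; }
    run_case error /repo/foo --allow-root=/repo || { echo "FAIL: forbidden root accepted"; rc=1; }
    return $rc
}

allow_root_suite && echo "all three cases pass"
```

To run the same cases against a real server, replace the `model_server` call in `run_case` with the server command under test and adjust the expected reply patterns to its actual output.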






