bug-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PAM authentication patch - v2

From: Brian Murphy
Subject: Re: PAM authentication patch - v2
Date: Tue, 15 Apr 2003 20:30:18 +0200
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020623 Debian/1.0.0-0.woody.1 
Larry Jones wrote:


Brian Murphy writes:
If cvs should ever become a daemon and run suid then this could be a problem. 

Isn't that essentially what happens when you run pserver from inetd as
root as shown in the manual?


Yes but you can't make another binary that runs as root
with a different name simply by making a soft link to it.
You would also need to be able to edit inetd.conf
and give the program these permissions when run from
inetd. This requires that you are root or at least that root
has given you the capability to do this. If root has given you
this capability then you can run a root shell and any PAM
configuration won't help.

With cvs, if you are a local user the cvs program can't do
anything the local user can't do anyway.

/Brian
reply via email to
[Prev in Thread] Current Thread [Next in Thread]