bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: -R option fails with pserver


From: Mark D. Baushke
Subject: Re: -R option fails with pserver
Date: Sat, 21 Aug 2004 13:14:09 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Arthur de Jong <adejong@debian.org> writes:

> I have already metioned this to the Debian package maintainer [1] but got
> no reply so I sent it here also.
> 
> The problem is that if you use the -R option for a pserver (which is
> useful if you want to provide high performance read-only access) it
> inserts a warning in the protocol stream.

The -R option is intended for read-only media such as a CD-R, DVD, or
read-only network filesystem mount point.

It is not intended to subvert the permissions model of a remote
cvs repository maintainer.

> I have created two possible solutions to this problem.

Both of your patches open a :pserver: server maintainer to the
possibility of users being able to checkout files from the repository
that they may not otherwise be able to see due to how permissions might
be maintained in a LockDir directory.

Granted that security is not all that tight within cvs, still throwing
them out altogether is a bad idea.

> The first (patch-really_quiet_pserver_try2) sets the really_quiet flag
> for all pserver operations (but not quiet so normal output is still
> printed). This will probably also disable most other protocol mangling
> messages.

Actually, mangling the protocol messages is a fine idea if it will help
stop the use of -R on a remote server.... 

Sigh. However, it is apparently not really sufficient. If anyone has any
patches to just disable -R mode when cvs is acting as a server, please
send them along.

Also, if any one has patches that allows the repository maintainer to
relax the creation of locks and instead only enforces permission checks
to ensure that the user would have been able to create the appropriate
read lock for the given directory without creating it (this assumes
there is some compelling case for allowing the moral equivalent of a -R
switch for read checkouts which I do not think has been proven), such
patches would be considered for adoption.

> The second (patch-no_readonly_warning_for_pserver) disables only this
> specific warning when the pserver command is used.

I am rejecting this patch out of hand.

> Both patches were to Debian version 1:1.12.9-3 but seem to apply to
> 1.12.9 proper.
> 
> I'm not subscribed to this list though so please keep me in CC.

Done.

> ps. I couldn't find any mailinglist archives for this list, the archive
> here [2] isn't updated
> 
> [1] http://bugs.debian.org/264019
> [2] ftp://mail.gnu.org/bug-cvs/

Use http://lists.gnu.org/archive/html/bug-cvs/ instead of [2].

        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQFBJ60R3x41pRYZE/gRArFzAKDWFnpU9heuCWq2VrAUfPPyF7TnEwCg5KC2
m0W6EgRp0aXvPVYdAcpvGH8=
=5JVQ
-----END PGP SIGNATURE-----




reply via email to

[Prev in Thread] Current Thread [Next in Thread]