bug-cvs

Re: 2 security concerns: remote init, and disabling CVSROOT/passwd


From: Sylvain Beucler
Subject: Re: 2 security concerns: remote init, and disabling CVSROOT/passwd
Date: Tue, 8 May 2007 23:08:00 +0200
User-agent: Mutt/1.5.13 (2006-08-11)

> > I don't know if you still want the --allow-root-regexp patch merged into 
> > 1.12.x, but I found some discussion in the archives and it sounds like 
> > we were waiting on documentation and test cases for the change.

I think this is a good way to prevent access to repositories outside
or downside the allowed hierarchy, while keeping it maintainable (no
list of repositories to rebuild), e.g.
--allow-root-regexp='^/srv/cvs/sources/[^/]+'

Unless there's a better way, here's an updated patch against HEAD :)

-- 
Sylvain

Attachment: allow-root-regexp4.diff
Description: Text Data
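
As an added example (not part of the original message or the attached patch), this script checks constructed root paths against the pattern quoted in the message and against an end-anchored variant. It assumes the option applies the pattern as an unanchored POSIX extended regex search, which the message does not state; `ANCHORED_PATTERN` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: every root path below is a constructed test input.

PAGE_PATTERN='^/srv/cvs/sources/[^/]+'       # pattern quoted in the message
ANCHORED_PATTERN='^/srv/cvs/sources/[^/]+$'  # hypothetical end-anchored variant
NL='
'

# root_matches PATTERN ROOT: exit 0 if ROOT matches PATTERN as an
# unanchored POSIX ERE search (assumed matching semantics).
root_matches() {
    # grep tests each line separately, so refuse multi-line input outright.
    case $2 in *"$NL"*) return 1 ;; esac
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# classify ROOT: prints which pattern(s) accept ROOT.
classify() {
    if root_matches "$PAGE_PATTERN" "$1"; then p=1; else p=0; fi
    if root_matches "$ANCHORED_PATTERN" "$1"; then a=1; else a=0; fi
    case "$p$a" in
        11) echo both ;;
        10) echo page-only ;;
        01) echo anchored-only ;;
        *)  echo none ;;
    esac
}

# audit: print a verdict for each constructed root.
audit() {
    for root in \
        /srv/cvs/sources/projA \
        /srv/cvs/sources/projA/sub \
        /srv/cvs/sources/ \
        /srv/cvs/private \
        /tmp/srv/cvs/sources/projA
    do
        printf '%-32s %s\n' "$root" "$(classify "$root")"
    done
}

audit
```

Under the search assumption, a root below a project directory is accepted by the quoted pattern but not by the end-anchored one, so the anchoring decides whether deeper roots are allowed.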

