[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Patches: cvs --allow-root=/blah server
From: |
Larry Jones |
Subject: |
Re: Patches: cvs --allow-root=/blah server |
Date: |
Tue, 3 Apr 2001 11:39:50 -0400 (EDT) |
Jan Grant writes:
>
> In riposte, can I ask: why does pserver need --allow-root?
Because pserver typically runs as root and uses the client-supplied root
to look for a CVSROOT/passwd file that says who's allowed to log in and
who they should run as. If it weren't for --allow-root, someone with
access to the server machine could point pserver at an arbitrary root
directory that contains their own passwd file that lets them log in and
run as root (or anyone else, for that matter). Because server runs as
the actual user from the start, it's not subject to that kind of a
security problem.
> (a) defense in depth; (b) paranoia; (c) it's simpler; (d) there's a
> limit to the number of groups that a person can be in*.
I don't find any of those arguments persuasive.
-Larry Jones
It's clear I'll never have a career in sports until I learn
to suppress my survival instinct. -- Calvin