info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Any plan to merge cvspwd into cvs?


From: Ben Kial
Subject: Re: Any plan to merge cvspwd into cvs?
Date: Sun, 05 May 2002 18:25:47 GMT

I am new to CVS administration and I could some education here...

The "cvspwd" only changes the password file under CVSROOT/password.
This has nothing to do with any Unix user account. I don't understand how
can this cause any security problem? Worst comes to worst, a hacker can
only add/modify/delete CVS users (which in my setting I map them all to
a Unix "cvsguest" user account). The best (or worst) he can do is to mess
up the CVS repository, right?

Thanks,

Ben

"Greg A. Woods" <address@hidden> wrote in message
news:address@hidden
> [ On Wednesday, May 1, 2002 at 07:23:23 (GMT), Ben Kial wrote: ]
> > Subject: Any plan to merge cvspwd into cvs?
> >
> > I have been using "cvspwd" to manage my CVS user accounts in
> > my :pserver host so that I don't have to create Unix accounts for
> > each CVS user. However, "cvspwd" can only be executed by the
> > repository owner, which means each CVS user cannot change
> > their own password...
> >
> > Is there any plan from the CVS team to include "cvspwd" into future
> > releases of CVS and have a "cvs passwd" command for users to
> > manage their own passwords?
>
> I should certainly hope not.
>
> That would be an additional security risk on top of a major security
problem.
>
> Please consider switching to SSH.
>
> --
> Greg A. Woods
>
> +1 416 218-0098;  <address@hidden>;  <address@hidden>;
<address@hidden>
> Planix, Inc. <address@hidden>; VE3TCP; Secrets of the Weird
<address@hidden>
>




reply via email to

[Prev in Thread] Current Thread [Next in Thread]