Re: Any plan to merge cvspwd into cvs?
From: Mark A. Flacy
Subject: Re: Any plan to merge cvspwd into cvs?
Date: 05 May 2002 14:13:18 -0500
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1

>>>>> "Ben" == Ben Kial <address@hidden> writes:
Ben>
Ben> I am new to CVS administration and I could use some education here... The
Ben> "cvspwd" only changes the password file under CVSROOT/password. This
Ben> has nothing to do with any Unix user account. I don't understand how
Ben> this can cause any security problem? Worst comes to worst, a hacker
Ben> can only add/modify/delete CVS users (which in my setting I map them
Ben> all to a Unix "cvsguest" user account). The best (or worst) he can do
Ben> is to mess up the CVS repository, right?
Heh. You might really want to be sure *who* is performing changes to your
repository.
How about the disgruntled employee that codes in a back door or a worm into
your product? Not only would you want to know who did it but you'd like to
be able to check the *other* changes that they had made to the code base.