|
| From: | Mike Ayers |
| Subject: | Re: Security setup |
| Date: | Thu, 19 Dec 2002 22:58:56 -0800 |
| User-agent: | Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2.1) Gecko/20021130 |
Larry Jones wrote:
Mike Ayers writes:Let me make sure of this. You're saying that even when running only over ssh, in a jail, with a login shell of cvs, someone can still get shell access?They can't actually get an interactive shell, but unless you criple CVS, they can execute arbitrary commands, which is equivalent.
So call me "Tanya", hand me a crowbar, and point to the kneecaps! Are we talking crippling by configuration here - disallowing commit scripts and the like? That would be fine, since we want nothing but checkout, checkin, and accounting. Or will I need to do the dirty work inside the codebase, which would be less appealing?
TiA,
___
| anya
| [Prev in Thread] | Current Thread | [Next in Thread] |