info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS security question


From: Greg A. Woods
Subject: Re: CVS security question
Date: Wed, 4 Feb 2004 15:36:02 -0500 (EST)

[ On Tuesday, February 3, 2004 at 13:05:57 (-0800), Pankaj Garg wrote: ]
> Subject: Re: CVS security question
>
> I wonder why do we not CVS has a server which run with SUID (Super User ID) 
> and only it can access repository.

Because CVS is not a security tool, nor is it "security aware".

What you want to do can be done entirely with SSH and SSH was designed
to do exactly that sort of thing.

CVS is a user tool -- no different in its conceptual function than "vi"
or "cat".  You sure wouldn't want a client/server version of "vi" to be
authanticating and authorising the client's actions, but you could and
should easily use SSH to make the connection between the client and
server parts of such a tool.

-- 
                                                Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <address@hidden>
Planix, Inc. <address@hidden>          Secrets of the Weird <address@hidden>




reply via email to

[Prev in Thread] Current Thread [Next in Thread]