
Re: Looking for Help with CVS 1.11.17


From: Todd Denniston
Subject: Re: Looking for Help with CVS 1.11.17
Date: Wed, 06 Oct 2004 09:35:01 -0500

"Malhotra, Neti" wrote:
> 
> Fellow CVS Users,
> 
> I am attempting to upgrade cvs on my Solaris server from cvs 1.10 to 
> cvs 1.11.17.  The build was successful, and I am able to use cvs from 
> that server without a problem.
> 
> Unfortunately, if I try to connect to the server from my PC using a 
> pserver connection in WinCVS, I am unable to perform a cvs login.  
> The error I am getting is:
> 
> cvs [login aborted]: setgid failed: Not owner
> 
> I have noticed in the source code that when trying to authenticate a 
> pserver connection, it is trying to switch users to the cvs user 
> requesting the login.  My concern is that if I change ownership/permission 
> of the cvs executable on the server so that it is run as root (which will 
> allow the switch in user) that this may cause problems for users trying to 
> access cvs from the server directly.  I do not see the "switch user" 
> happening if you are not using a pserver connection.
> 
> Does anyone have any ideas/guidance on how to tackle this problem?
> 
I believe most times cvs run as pserver is run from initd and thus runs as root
without having to change the perms on the executable.

https://www.cvshome.org/docs/manual/cvs-1.11.17/cvs_2.html#IDX80

However, if you are worried about security, perhaps you should look at some of
the messages found in the following link:
http://lists.gnu.org/archive/cgi-bin/namazu.cgi?query=pserver+and+security&submit=Search%21&idxname=info-cvs&max=20&result=normal&sort=score
And although sometimes I think Greg is a little over the top, I believe he
always reads correctly the depth of the security hole you would be creating;
you just have to decide if the risk he showed you is acceptable for your use
:).
http://lists.gnu.org/archive/html/info-cvs/2002-12/msg00216.html

My read has been that if you value security, and you must have pserver in your
organization, the pserver 1) operates on a copy of the repository on a
machine that is not actually used, and 2) only allows anonymous read-only access.

Windows users seem to be the biggest trouble; you would have to figure out
how to get them using ssh to connect, when pserver seems sooo much easier. You
can check the archive for advice on Windows and ssh with CVS.
http://lists.gnu.org/pipermail/info-cvs

> Thank you very much for your help -
> Neti

This is not intended to be direction to a gov contractor to do anything, just
a listing of information which I have found that may answer the question which
was asked.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane) 
Harnessing the Power of Technology for the Warfighter
The opinions expressed here are not sanctioned by and do not necessarily 
represent those of my employer.
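
An added example, not part of the original messages and not CVS source code: the kind of setgid/setuid identity switch described in the question, attempted in a child process, to show that switching to ids the process does not already hold fails with a permission error unless the process starts as root. The function name `try_switch` and the "+1" target ids are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: attempt the identity switch in a child so the caller
 * keeps its own ids. Returns 0 on success, else the errno of the failed step. */
int try_switch(uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0)
        return errno;
    if (pid == 0) {
        /* Group first: after the uid is dropped, setgid is no longer permitted.
         * A real server would also reset supplementary groups before this. */
        if (setgid(gid) != 0)
            _exit(errno);
        if (setuid(uid) != 0)
            _exit(errno);
        /* Confirm the switch actually took effect before reporting success. */
        if (getuid() != uid || getgid() != gid)
            _exit(EPERM);
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : EINTR;
}

int main(void)
{
    /* Constructed targets: ids the calling user does not hold. */
    uid_t other_uid = getuid() + 1;
    gid_t other_gid = getgid() + 1;

    int same = try_switch(getuid(), getgid());
    int other = try_switch(other_uid, other_gid);

    printf("effective uid: %ld\n", (long)geteuid());
    printf("switch to own ids:   %s\n", same ? strerror(same) : "ok");
    printf("switch to other ids: %s\n", other ? strerror(other) : "ok");
    return 0;
}
```

Run as an ordinary user, the second attempt reports the permission error from setgid; run as root, both succeed.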
