From owner-freebsd-bugs Sat Oct 23 9:10: 7 1999
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
    by hub.freebsd.org (Postfix) with ESMTP id 63C0614C2F
    for ; Sat, 23 Oct 1999 09:10:03 -0700 (PDT)
    (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.9.3/8.9.2) id JAA96846;
    Sat, 23 Oct 1999 09:10:02 -0700 (PDT)
    (envelope-from gnats@FreeBSD.org)
Date: Sat, 23 Oct 1999 09:10:02 -0700 (PDT)
Message-Id: <199910231610.JAA96846@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc:
From: Nate Williams
Subject: Re: conf/14463: cvs pserver does not work with out-of-the-box configuration
Reply-To: Nate Williams
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR conf/14463; it has been noted by GNATS.

From: Nate Williams
To: timj@systembureau.com
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: conf/14463: cvs pserver does not work with out-of-the-box configuration
Date: Sat, 23 Oct 1999 10:07:10 -0600

> >Number: 14463
> >Category: conf
> >Synopsis: cvs pserver does not work with out-of-the-box configuration
> >Confidential: no
> >Severity: non-critical
> >Priority: low
> >Responsible: freebsd-bugs
> >State: ope
> >Quarter:
> >Keywords:
> >Date-Required:
> >Class: change-request
> >Submitter-Id: current-users
> >Arrival-Date: Sat Oct 23 06:47:18 PDT 1999
> >Closed-Date:
> >Last-Modified:
> >Originator: Tim Jansen
> >Release: 3.3
> >Organization:
> >Environment:
> FreeBSD fizz.systembureau.com 3.3-RELEASE FreeBSD 3.3-RELEASE #0: Thu Sep 16 23:40:35 GMT 1999 jkh@highwing.cdrom.com:/usr/src/sys/compile/GENERIC i386
>
> >Description:
> I installed the 3.3 distribution (on a P200 no-name machine) and
> wanted to install the cvs pserver. So I looked in the inetd.conf
> file and found the following cvspserver lines.
> #
> # CVS servers - for master CVS repositories only!
> #
> #cvspserver stream tcp nowait root /usr/bin/cvs cvs pserver
> #cvs stream tcp nowait root /usr/bin/cvs cvs kserver
>
>
> I uncommented them, restarted inetd of course, but when I tried to log into
> the server, I get the following message after entering my password:
>
> [timon:~]cvs login
> (Logging in to timj@fizz.sfabrik.de)
> CVS password:
> Server configuration missing --allow-root in inetd.conf
> cvs [login aborted]: authorization failed: server fizz.sfabrik.de rejected access
>
> The "Server configuration..." message seems to come from cvs. When I telnet to
> the server, inetd accepts the TCP connection and I can talk to
> CVS.

CVS needs to be configured correctly.

Note, *UNLESS* you know what you are doing (and it takes a bit of work),
'pserver' mode becomes a trivial way to break root on your box. FreeBSD
should *NOT* allow pserver mode to be set up out of the box if security is
at all a concern.

Please read the cvs man pages, as well as the security pages on
www.cylic.com to discuss the security issues.

Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
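
An added example, not part of the original message and not FreeBSD or CVS project code: a small audit of an inetd.conf for enabled `cvs pserver` entries, reporting the two conditions this thread turns on (the entry runs as root, and it carries no `--allow-root`). The sample file, the `cvsd` user and the `/home/cvsroot` path are constructed for illustration.

```shell
#!/bin/sh
# audit_cvs_inetd: read an inetd.conf on stdin and report every enabled
# entry that starts cvs in pserver mode.
# Exit status is 0 when nothing is reported, 1 otherwise.
audit_cvs_inetd() {
    awk '
    /^[ \t]*#/ || NF < 7 { next }       # comment, or too short to be an entry
    {
        # inetd.conf fields:
        #   service socket proto wait user program argv0 [args...]
        pserver = 0; allow = 0
        for (i = 7; i <= NF; i++) {
            if ($i == "pserver") pserver = 1
            if (index($i, "--allow-root") == 1) allow = 1
        }
        if (!pserver) next              # not a pserver entry
        user = $5
        sub("[:/].*", "", user)         # drop optional :group or /class
        if (user == "root") {
            print "line " NR ": cvs pserver runs as root"
            bad = 1
        }
        if (!allow) {
            print "line " NR ": cvs pserver has no --allow-root"
            bad = 1
        }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample: line 1 is the stock entry still commented out,
# line 2 is that entry after simply removing the "#", line 3 names a
# repository and uses a hypothetical unprivileged user "cvsd".
sample_inetd_conf() {
    cat <<'EOF'
#cvspserver stream tcp nowait root /usr/bin/cvs cvs pserver
cvspserver stream tcp nowait root /usr/bin/cvs cvs pserver
cvspserver stream tcp nowait cvsd /usr/bin/cvs cvs --allow-root=/home/cvsroot pserver
EOF
}

# Demo run on the constructed sample; "|| true" keeps the non-zero
# audit status from aborting a calling script.
sample_inetd_conf | audit_cvs_inetd || true
```

On a real host the function is fed the live file: `audit_cvs_inetd < /etc/inetd.conf`.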