From owner-freebsd-hackers Mon Sep 22 04:29:11 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id EAA06895 for hackers-outgoing; Mon, 22 Sep 1997 04:29:11 -0700 (PDT) Received: from haywire.dialix.com.au (news@haywire.dialix.com.au [202.12.86.2]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id EAA06889 for ; Mon, 22 Sep 1997 04:29:04 -0700 (PDT) Received: (from news@localhost) by haywire.dialix.com.au id TAA28791 for freebsd-hackers@freebsd.org; Mon, 22 Sep 1997 19:28:57 +0800 (WST) X-Authentication-Warning: haywire.dialix.com.au: news set sender to usenet-request@haywire.dialix.com using -f Received: from GATEWAY by haywire.dialix.com.au with netnews for freebsd-hackers@freebsd.org (problems to: usenet@haywire.dialix.com) To: freebsd-hackers@freebsd.org Date: 22 Sep 1997 11:28:57 GMT From: peter@spinner.netplex.com.au (Peter Wemm) Message-ID: <874927737.27738@haywire.dialix.com.au> Organization: DIALix Internet Services References: <199709182330.BAA07105@bitbox.follo.net> Subject: Re: cvs pserver mode Sender: owner-freebsd-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In article , marcs@znep.com (Marc Slemko) writes: > On Fri, 19 Sep 1997, Eivind Eklund wrote: > >> > >> > >> does any of you have trouble using pserver mode of cvs? >> > >First, don't use pserver. It sucks. Badly. It stores unencrypted >> > >passwords on the clients disk and anyone with a shell on the server an >> > >steal connections (and hence passwords) from users connecting. Bad. >> > >Secondly, you need the --allow-root option to tell it what repositories to >> > >use. This is new in 1.9.10 or something like that. >> > >> > [option list deleted] >> > - give an account (say, "mygroup") to them and use rsh/ssh >> >> I consider this the only sensible thing. Give them an account with >> the shell pointing at a text file containing >> #!/bin/sh >> /usr/bin/cvs server >> >> and set permissions so they can't write to the cvs repository. Little > > To do this, you need to hack cvs to allow read-only respositories and be > sure that you have _no_ way that anyone can upload arbitrary files that > will be readable by the user running the above. If you have something No need to hack if you are using the FreeBSD version, it's got a '-R' option to allow readonly operation (A CD-ROM cvs tree was the original intended use of this). > like anonymous ftp uploads which are world readable, then they can > trivially get a shell as the uid cvs runs as. Hmm, wonder if the > --allow-root option works with cvs "server"... > >> security risk (except that they can exploit bugs in cvs) - even less >> if you go for a chrooted environment (which will probably need some >> hacking to get set up) > >