Date: Sat, 23 Oct 1999 09:10:02 -0700 (PDT)
From: Nate Williams <nate@mt.sri.com>
To: freebsd-bugs@FreeBSD.org
Subject: Re: conf/14463: cvs pserver does not work with out-of-the-box configuration
Message-ID: <199910231610.JAA96846@freefall.freebsd.org>
The following reply was made to PR conf/14463; it has been noted by GNATS.

From: Nate Williams <nate@mt.sri.com>
To: timj@systembureau.com
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: conf/14463: cvs pserver does not work with out-of-the-box configuration
Date: Sat, 23 Oct 1999 10:07:10 -0600

> >Number: 14463
> >Category: conf
> >Synopsis: cvs pserver does not work with out-of-the-box configuration
> >Confidential: no
> >Severity: non-critical
> >Priority: low
> >Responsible: freebsd-bugs
> >State: ope
> >Quarter:
> >Keywords:
> >Date-Required:
> >Class: change-request
> >Submitter-Id: current-users
> >Arrival-Date: Sat Oct 23 06:47:18 PDT 1999
> >Closed-Date:
> >Last-Modified:
> >Originator: Tim Jansen
> >Release: 3.3
> >Organization:
> >Environment:
> FreeBSD fizz.systembureau.com 3.3-RELEASE FreeBSD 3.3-RELEASE #0: Thu Sep 16 23:40:35 GMT 1999 jkh@highwing.cdrom.com:/usr/src/sys/compile/GENERIC i386
>
> >Description:
> I installed the 3.3 distribution (on a P200 no-name machine) and
> wanted to install the cvs pserver. So I looked in the inetd.conf
> file and found the following cvspserver lines.
> #
> # CVS servers - for master CVS repositories only!
> #
> #cvspserver stream tcp nowait root /usr/bin/cvs cvs pserver
> #cvs stream tcp nowait root /usr/bin/cvs cvs kserver
>
>
> I uncommented them, restarted inetd of course, but when I tried to log into
> the server, I get the following message after entering my password:
>
> [timon:~]cvs login
> (Logging in to timj@fizz.sfabrik.de)
> CVS password:
> Server configuration missing --allow-root in inetd.conf
> cvs [login aborted]: authorization failed: server fizz.sfabrik.de rejected access
>
> The "Server configuration..." message seems to come from cvs. When I telnet to
> the server, inetd accepts the TCP connection and I can talk to
> CVS.

CVS needs to be configured correctly.

Note, *UNLESS* you know what you are doing (and it takes a bit of work),
'pserver' mode becomes a trivial way to break root on your box. FreeBSD
should *NOT* allow pserver mode to be set up out of the box if security is
at all a concern.

Please read the cvs man pages, as well as the security pages on
www.cylic.com to discuss the security issues.

Nate
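
An added example, not part of the original message and not FreeBSD or CVS project code: a small audit of inetd.conf text that lists every enabled `cvs ... pserver` entry, the user it runs as, and whether `--allow-root` is present (the option named in the error message quoted above). The sample file is constructed; the `cvsd` user and the `/home/cvsroot` path are hypothetical.

```python
import re

# Constructed sample: line 5 is the PR's cvspserver entry once uncommented;
# line 6 is a hypothetical entry (user "cvsd" and the repository path are made up).
SAMPLE = """\
#
# CVS servers - for master CVS repositories only!
#
#cvs stream tcp nowait root /usr/bin/cvs cvs kserver
cvspserver stream tcp nowait root /usr/bin/cvs cvs pserver
cvspserver stream tcp nowait cvsd /usr/bin/cvs cvs -f --allow-root=/home/cvsroot pserver
"""


def audit_inetd(text):
    """Report every enabled inetd entry whose command line runs cvs in pserver mode."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out entries are not served by inetd
        fields = line.split()
        # Fields: service, socket type, protocol, wait flag, user, program, argv...
        if len(fields) < 7:
            continue
        user, argv = fields[4], fields[6:]
        if "pserver" not in argv[1:]:  # argv[0] is the program name
            continue
        # Assumption: the user field may carry a ":group" or "/class" suffix.
        user = re.split(r"[:/]", user)[0]
        roots = [a.split("=", 1)[1] for a in argv if a.startswith("--allow-root=")]
        findings = []
        if not roots:
            findings.append("no --allow-root: server rejects logins")
        if user == "root":
            findings.append("pserver runs as root")
        entries.append({"line": lineno, "user": user,
                        "allow_roots": roots, "findings": findings})
    return entries


if __name__ == "__main__":
    for entry in audit_inetd(SAMPLE):
        print(entry)
```
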