Date: Sun, 25 Jan 1998 20:37:50 +0100 From: Eivind Eklund <eivind@yes.no> To: Nate Williams <nate@mt.sri.com> Cc: Eivind Eklund <eivind@yes.no>, Andreas Klemm <andreas@klemm.gtn.com>, hackers@FreeBSD.ORG Subject: Re: why not CVS server support ? Message-ID: <19980125203750.05884@follo.net> In-Reply-To: <199801251932.MAA28784@mt.sri.com>; from Nate Williams on Sun, Jan 25, 1998 at 12:32:29PM -0700 References: <19980125175618.10691@klemm.gtn.com> <19980125183247.09801@follo.net> <199801251932.MAA28784@mt.sri.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jan 25, 1998 at 12:32:29PM -0700, Nate Williams wrote: > > > Hi ! > > > > > > Why don't we support cvs server in the base OS ? > > > > (I assume you mean the cvs pserver mode?) Why would we want to? > > And what gives you the impression we don't support it? Andreas' mail ;-) I wouldn't have paid much attention if somebody disabled it (as it is dysfunctional and a security hole), so I assumed that was what he was talking about. > > pserver mode has had a few security violations in the past, and it > > wouldn't surprise me if has been turned of for that reason. > > It takes a bit of work to make pserver mode secure, and those security > precautions simply weren't taken since the remote CVS stuff doesn't work > well enough to use it on a regular basis. The only way I've seen of making it _fairly_ secure is to run it in a chroot()ed environement. With the number of other security problems it has had (allowing remote execution), I wouldn't consider that secure, either - any kernel security hole that can be exploited by a user program could still be abused. Read-only access in a chroot()ed environement is supposed to be fairly secure, but I still wouldn't trust it. Eivind.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980125203750.05884>