Date: Sun, 25 Jan 1998 12:43:23 -0700 From: Nate Williams <nate@mt.sri.com> To: Eivind Eklund <eivind@yes.no> Cc: Nate Williams <nate@mt.sri.com>, Andreas Klemm <andreas@klemm.gtn.com>, hackers@FreeBSD.ORG Subject: Re: why not CVS server support ? Message-ID: <199801251943.MAA28850@mt.sri.com> In-Reply-To: <19980125203750.05884@follo.net> References: <19980125175618.10691@klemm.gtn.com> <19980125183247.09801@follo.net> <199801251932.MAA28784@mt.sri.com> <19980125203750.05884@follo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > > Hi ! > > > > > > > > Why don't we support cvs server in the base OS ? > > > > > > (I assume you mean the cvs pserver mode?) Why would we want to? > > > > And what gives you the impression we don't support it? > > Andreas' mail The query was intended for Andreas, not for you. As you stated at the end of your email, it does indeed work, so I think both you and I must be misunderstanding his question. > > It takes a bit of work to make pserver mode secure, and those security > > precautions simply weren't taken since the remote CVS stuff doesn't work > > well enough to use it on a regular basis. > > The only way I've seen of making it _fairly_ secure is to run it in a > chroot()ed environement. I'm not sure I follow. What kind of 'insecurity' do you think there is? The only issue now is that it can allow you to other parts of your CVSROOT that you don't intend the user to have access to. > With the number of other security problems > it has had (allowing remote execution), I wouldn't consider that > secure, either - any kernel security hole that can be exploited by a > user program could still be abused. Umm, what kind of remote execution problems are you speaking of? PSERVER mode allows you to connet to a port and do remote CVS commands. Are you confusing PSERVER mode with standard RCVS mode which requires remote shell access? Nate
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199801251943.MAA28850>