From owner-freebsd-hackers Sun Jan 25 11:43:46 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA09434 for hackers-outgoing; Sun, 25 Jan 1998 11:43:46 -0800 (PST) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from ns.mt.sri.com (sri-gw.MT.net [206.127.105.141]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA09427 for ; Sun, 25 Jan 1998 11:43:40 -0800 (PST) (envelope-from nate@mt.sri.com) Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100]) by ns.mt.sri.com (8.8.8/8.8.8) with SMTP id MAA06371; Sun, 25 Jan 1998 12:43:26 -0700 (MST) (envelope-from nate@rocky.mt.sri.com) Received: by mt.sri.com (SMI-8.6/SMI-SVR4) id MAA28850; Sun, 25 Jan 1998 12:43:23 -0700 Date: Sun, 25 Jan 1998 12:43:23 -0700 Message-Id: <199801251943.MAA28850@mt.sri.com> From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: Eivind Eklund Cc: Nate Williams , Andreas Klemm , hackers@FreeBSD.ORG Subject: Re: why not CVS server support ? In-Reply-To: <19980125203750.05884@follo.net> References: <19980125175618.10691@klemm.gtn.com> <19980125183247.09801@follo.net> <199801251932.MAA28784@mt.sri.com> <19980125203750.05884@follo.net> X-Mailer: VM 6.29 under 19.15 XEmacs Lucid Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk > > > > Hi ! > > > > > > > > Why don't we support cvs server in the base OS ? > > > > > > (I assume you mean the cvs pserver mode?) Why would we want to? > > > > And what gives you the impression we don't support it? > > Andreas' mail The query was intended for Andreas, not for you. As you stated at the end of your email, it does indeed work, so I think both you and I must be misunderstanding his question. > > It takes a bit of work to make pserver mode secure, and those security > > precautions simply weren't taken since the remote CVS stuff doesn't work > > well enough to use it on a regular basis. > > The only way I've seen of making it _fairly_ secure is to run it in a > chroot()ed environement. I'm not sure I follow. What kind of 'insecurity' do you think there is? The only issue now is that it can allow you to other parts of your CVSROOT that you don't intend the user to have access to. > With the number of other security problems > it has had (allowing remote execution), I wouldn't consider that > secure, either - any kernel security hole that can be exploited by a > user program could still be abused. Umm, what kind of remote execution problems are you speaking of? PSERVER mode allows you to connet to a port and do remote CVS commands. Are you confusing PSERVER mode with standard RCVS mode which requires remote shell access? Nate