From owner-cvs-all@FreeBSD.ORG Mon Jan 26 13:02:30 2004 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B961016A4CE; Mon, 26 Jan 2004 13:02:30 -0800 (PST) Received: from b.mail.sonic.net (b.mail.sonic.net [64.142.19.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 145B543D2D; Mon, 26 Jan 2004 13:02:29 -0800 (PST) (envelope-from bmah@intruder.kitchenlab.org) Received: from intruder.kitchenlab.org (adsl-64-142-31-106.sonic.net [64.142.31.106]) by b.mail.sonic.net (8.12.10/8.12.7) with ESMTP id i0QL2Shj015169 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Mon, 26 Jan 2004 13:02:28 -0800 Received: from intruder.kitchenlab.org (bmah@localhost [127.0.0.1]) i0QL2SpW002457; Mon, 26 Jan 2004 13:02:28 -0800 (PST) (envelope-from bmah@intruder.kitchenlab.org) Received: (from bmah@localhost) by intruder.kitchenlab.org (8.12.10/8.12.10/Submit) id i0QL2SK9002456; Mon, 26 Jan 2004 13:02:28 -0800 (PST) (envelope-from bmah) Date: Mon, 26 Jan 2004 13:02:28 -0800 From: "Bruce A. Mah" To: "Jacques A. Vidrine" Message-ID: <20040126210228.GA2411@intruder.kitchenlab.org> References: <200401260008.i0Q08cIl014780@repoman.freebsd.org> <20040126000922.GA6102@madman.celabo.org> <20040126004123.GJ53344@elvis.mu.org> <20040126125638.GC9772@madman.celabo.org> <4015377A.3000609@freebsd.org> <20040126165039.GC98500@intruder.kitchenlab.org> <20040126200556.GB76044@madman.celabo.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="huq684BweRXVnRxX" Content-Disposition: inline In-Reply-To: <20040126200556.GB76044@madman.celabo.org> User-Agent: Mutt/1.4.1i X-Image-Url: http://www.employees.org/~bmah/Images/bmah-cisco-small.gif X-url: http://www.employees.org/~bmah/ cc: "Bruce A. Mah" cc: src-committers@FreeBSD.org cc: re@FreeBSD.org cc: cvs-src@FreeBSD.org cc: Alfred Perlstein cc: Scott Long cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/contrib/cvs/src server.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jan 2004 21:02:30 -0000 --huq684BweRXVnRxX Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable If memory serves me right, Jacques A. Vidrine wrote: > I think that `run as root' has been misinterpreted by some. Probably by me. :-p > This change does *NOT* suddenly make an inetd.conf configuration line > like the following stop working: >=20 > cvspserver stream tcp nowait root /usr/bin/cvs cvs --al= low-root=3D/your/cvsroot/here pserver >=20 > Rather, the change disables lines like the following in > $CVSROOT/CVSROOT/passwd: >=20 > luser:bxOZZuQd4CoXs:root >=20 > Without this fix, one who can modify $CVSROOT/CVSROOT/passwd would be > able to gain root access. If someone "in the know" could suggest a better wording than what I wrote, I'd appreciate it. Otherwise I'll try to come more up to speed on this usage of CVS and write the right thing. Thanks, Bruce. --huq684BweRXVnRxX Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQFAFYBj2MoxcVugUsMRAp98AKDpb2L0V2SrD1m1HKJ96gOMwI94tQCbB9r0 Xf7blB9V6WdxGw6qb6SBuuc= =mANq -----END PGP SIGNATURE----- --huq684BweRXVnRxX--