From owner-freebsd-security  Mon Nov  5 21:19:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su [213.184.65.80])
	by hub.freebsd.org (Postfix) with ESMTP id D346237B417
	for <security@FreeBSD.ORG>; Mon,  5 Nov 2001 21:19:09 -0800 (PST)
Received: (from eugen@localhost)
	by www.svzserv.kemerovo.su (8.11.6/8.11.6) id fA65IeS87440;
	Tue, 6 Nov 2001 12:18:40 +0700 (KRAT)
	(envelope-from eugen)
Date: Tue, 6 Nov 2001 12:18:40 +0700
From: Eugene Grosbein <eugen@grosbein.pp.ru>
To: David G Andersen <danderse@cs.utah.edu>
Cc: security@FreeBSD.ORG
Subject: Re: Running secured local anoncvs server for FreeBSD CVS Repository
Message-ID: <20011106121840.B77269@svzserv.kemerovo.su>
References: <20011106110346.A77269@svzserv.kemerovo.su> <200111060411.fA64BKh11658@faith.cs.utah.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200111060411.fA64BKh11658@faith.cs.utah.edu>; from danderse@cs.utah.edu on Mon, Nov 05, 2001 at 09:11:20PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Mon, Nov 05, 2001 at 09:11:20PM -0700, David G Andersen wrote:

> See 'anoncvssh', from the OpenBSD project:
> http://openbsd.sunsite.ualberta.ca/papers/anoncvs-paper.ps
> Then grab the distribution:
> http://www.openbsd.org/anoncvs.shar
> 
> Then follow the instructions in the README.  Since this isn't
> a real CVS tree that you're granting access to (i.e. not one
> that you're making commits to yourself), the setup is really
> quite straightforward.  Works well, is a CPU and disk bandwidth/seek
> hog, but it's super convenient for local access.
> (These are features of using CVS instead of CVSup, NOT features
> of anoncvssh.  anoncvssh just gives you a more secure way of
> doing the ssh).
> 
> If you're super paranoid, you can mount large parts of the 
> CVS repository read-only.

It seems anoncvssh need OpenBSD's cvs distribution and 
modifications of some files inside the Repo that is what 
I would rather avoid to do. Is it safe to hack CVSROOT/*?

And if I'll want to provide public access once, will I be allowed
to limit using of compression?

Eugene Grosbein

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message