Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 5 Nov 2001 21:11:20 -0700 (MST)
From:      David G Andersen <danderse@cs.utah.edu>
To:        eugen@grosbein.pp.ru (Eugene Grosbein)
Cc:        security@FreeBSD.ORG
Subject:   Re: Running secured local anoncvs server for FreeBSD CVS Repository
Message-ID:  <200111060411.fA64BKh11658@faith.cs.utah.edu>
In-Reply-To: <20011106110346.A77269@svzserv.kemerovo.su> from "Eugene Grosbein" at Nov 06, 2001 11:03:46 AM
next in thread | previous in thread | raw e-mail | index | archive | help 
See 'anoncvssh', from the OpenBSD project:

http://openbsd.sunsite.ualberta.ca/papers/anoncvs-paper.ps

Then grab the distribution:

http://www.openbsd.org/anoncvs.shar

Then follow the instructions in the README.  Since this isn't
a real CVS tree that you're granting access to (i.e. not one
that you're making commits to yourself), the setup is really
quite straightforward.  Works well, is a CPU and disk bandwidth/seek
hog, but it's super convenient for local access.
(These are features of using CVS instead of CVSup, NOT features
of anoncvssh.  anoncvssh just gives you a more secure way of
doing the ssh).

If you're super paranoid, you can mount large parts of the 
CVS repository read-only.

  -Dave

Lo and behold, Eugene Grosbein once said:
> 
> Hi!
> 
> I run local cvsup-mirror of FreeBSD CVS Repository. It runs just fine.
> I would like to provide read-only anoncvs access to the Repo and wonder
> how to make it secure. E.g. I do not want users to:
> 
> - make brute-force attacks to /etc/master.passwd
> - touch the Repo in any way, no commits, no tags, no
>   val-tags nor history nor any other file modifications.
> 
> Is it possible?
> 
> Eugene Grosbein
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200111060411.fA64BKh11658>