BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

cvs + xinetd setgid problem

Subject: cvs + xinetd setgid problem
From: derek at ihtfp.com (Derek Atkins)
Date: Tue, 24 Feb 2004 14:02:29 -0500
In-reply-to: <200402241317.35782.nullpointer@pobox.com> (Dan Barrett's message of "Tue, 24 Feb 2004 13:17:35 -0500")
References: <200402241317.35782.nullpointer@pobox.com>

Why are you even trying to use 'pserver' for write operations?  That's
a security hole waiting to bit you in the rear.  You should only really
use pserver for read operations (i.e. anonymous cvs).  IMHO it should not
be used for anything else.

You should use cvs over ssh for write access.

I'd also recommend you look into cvsd to limit your anon-cvs to a
chroot'ed environment.

-derek

Dan Barrett <nullpointer at pobox.com> writes:

> Folks,
> I'm trying to run a cvs respository on my Gentoo box.  I've got xinetd 
> running, with the cvspserver config (/etc/xinetd.d/cvspserver) looking like 
> so:
[snip]

-- 
       Derek Atkins                 617-623-3745
       derek at ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

Follow-Ups:
- cvs + xinetd setgid problem
  - From: nullpointer at pobox.com (Dan Barrett)

References:
- cvs + xinetd setgid problem
  - From: nullpointer at pobox.com (Dan Barrett)

Prev by Date: Linux drive in a Windows box
Next by Date: Linux drive in a Windows box
Previous by thread: Linux drive in a Windows box
Next by thread: cvs + xinetd setgid problem
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org