-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark D. Baushke wrote:
> >An associated change I was putting off talking about was adding a > >global `-c <config_file>' option to cause CVS to look elsewhere for > >its configuration file. > > I worry about the security implications of this one. I don't believe it > can be allowed for anythiner other than :pserver: mode where the > administrator takes care of arguments to the cvs executable directly. > > If the user may provide a config file that specifies the commitinfo > triggers to use, it could subvert the intention of the repository > administrator. The administrator could get the same effect by putting a > symbolic link into CVSROOT for the config file... of course, it would be > well to ensure that rebuilding the repository database would not destroy > that link. I see your point. What about `cvs server'? I can see both setups being useful... an admin who allowed users access to the CVS repository would probably prefer not to allow the config file to be specified whereas an admin who restriced the command that SSH users could run to a particular shell script that provided the -c option wouldn't mind... perhaps it should be a compile time option, with the default to disallow it. Regards, Derek -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Cygwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCcAsgLD1OTBfyMaQRAo/CAKDwtOAvLA4p70qfyzIJ4WtwmUGX7ACfX3Ep bTrGiunRznuULICLrBmxykQ= =7I8L -----END PGP SIGNATURE----- _______________________________________________ Bug-cvs mailing list Bug-cvs@gnu.org http://lists.gnu.org/mailman/listinfo/bug-cvs