Derek Price wrote:
> I see your point. What about `cvs server'? I can see both setups being
> useful... an admin who allowed users access to the CVS repository would
> probably prefer not to allow the config file to be specified whereas an
> admin who restricted the command that SSH users could run to a particular
> shell script that provided the -c option wouldn't mind... perhaps it
> should be a compile time option, with the default to disallow it.

On further consideration, if we are going to consider a configurable config path with other CVS modes a security risk, then using it with pserver has to be considered a security risk too. There is nothing stopping a creative user with shell access to a machine from using pserver mode to access their repository.

I might argue that any administrator worried that much about security should be disabling shell access to the machine anyhow, which would deal with any insecurity resulting from a configurable config path, but I don't feel so strongly about it that I wouldn't happily install it as a compile-time option that defaults to off.

Regards,

Derek