* Dimitri Maziuk <[EMAIL PROTECTED]> [2001.11.29 16:16:48-0600]: > You are still missing the point. Hopefully, you've read my post by > now, but I'll reiterate. > > CVS documentation states that pserver plus write access to CVS > repository can be subverted to execute arbitrary code on the > server. The point of using ssh is to get rid of pserver, not > to encrypt the actual downloads (that would be rather pointless, > no?) Of course ssh will still do the encryption, but that's > just a side-effect.
i think i actually did miss this point. i know how you can exploit this, but it's only applicable if you *do* actually have write access, which would be pretty foolish in an anonymous setup. -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" [EMAIL PROTECTED] sum quod eris.
pgpPOcaFnEvHf.pgp
Description: PGP signature