Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)

[Justin Wells]

On Wed, Aug 09, 2000 at 03:57:16PM -0600, Tobias Weingartner wrote:
> On Wednesday, August 9, Justin Wells wrote:
> > 
> > If I move to ssh, I will definately still be using chroot. Even on a 
> > box where there's nothing else important there is no justification for 
> > giving away full fledged shells to people who don't need them.
> 
> Have a look at anoncvssh, with a rough 3-line change in that source code,
> it can be substituted as a shell for most CVS users.  No need to give
> full shell access, although I would treat each and every CVS access (short
> of full anoncvs access on a dedicated box) as being a full shell login
> anyhow, due to possible funky things being done with CVSROOT/* scripts...

Yeah I figure they'll get a shell, if they want it, so I'll make sure that
they live in a chroot which has only a restricted shell, if one at all, 
and nothing interesting to attack.

Justin