Re: cvs-nserver and latest CVS advisory

[Noel L Yap]

[EMAIL PROTECTED] on 2000.08.10 22:09:44
>On Thu, Aug 10, 2000 at 01:44:54PM -0400, Greg A. Woods wrote:
>
>> You haven't shown that at all, and indeed you haven't calculated your
>> risks based on the likely threats.
>
>Yes I have. That's what I just did.

I think the keyword here is "calculated".

>Yes, and to have ANY security at all you *have* to chroot and you
>have to use real unix userids. That's true for the ssh solution just
>as much as it's true for the pserver.

I think this has been discussed before but I missed it.  How do you securely
configure SSH CVS server to be chroot'ed?  Is it in a FAQ?

Noel



This communication is for informational purposes only.  It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
subsidiaries and affiliates.