Re: Linux security issues as they pertain to CVS

Sat, 26 May 2001 10:14:43 -0700 

[ On Saturday, May 26, 2001 at 03:07:20 (-0400), Larry Jones wrote: ]
> Subject: Re: Linux security issues as they pertain to CVS
>
> Greg A. Woods writes:
> > 
> > So, if you don't have root access then how the heck do you propose to
> > implement CVS Pserver?!?!?!?  (Hint:  you cannot.)
> 
> Of course you can.  All you need to do is run a private copy of inetd
> (or whatever replacement you like) as a non-root user, have it run CVS
> as the same non-root user, and use CVSROOT/passwd to map all valid CVS
> users to that same non-root system user.  QED.

Yeah, and there's "nc -l" too.  But is either going to work in a
production environment in a development shop?  I doubt it....

I'll bet it'll bring any sane and knowledgeable security officer down so
hard on your head too that you won't even know what hit you.

-- 
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <[EMAIL PROTECTED]>     <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>;   Secrets of the Weird <[EMAIL PROTECTED]>

_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs

Reply via email to