Hello,
I want to set up CVS in a way so that some dedicated cvs users cannot do
anything hostile. For that reason they have to login via SSH and their
login shell is a simple program that checks that they want to execute
"cvs server" and then executes "cvs server" itself. But now a simple
"cvs -d :ext:<user>@host:/tmp/<any name> init" allows those users to
"pollute" the /tmp directory (or any other directory they are allowed to
write to, even within an existing repository they have access to).
Should not creating new repositories be disallowed via remote access?
Another question I asked some time ago on this list:
Is --allow-root evaluated for "cvs server" in the current development
version, or is it at least on the todo list?
Stephan
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
