A chroot environment is only good at containing what's inside it. It
does not prevent access to the chroot environment from outside.
In other words, chroot is fine for containing servers so that they cannot
access the rest of the system. But chroot does not protect something
from shell users, unless their shells are running in a different chroot
environment that does not overlap the first.
^
/ \
/ \
/ \
/ A \ A = outside user has access to chroot
/ | ^ \
/ | / \ \
/ |/ \ \
/ + \ \
/ /| \ \
/ / V \ \
/ / ok B->X\ \ B = server confined to chroot
/ / chroot \ \
/ +---------------+ \
+----------------------------+
/ filesystem
--- Forwarded mail from [EMAIL PROTECTED]
I've never used chroot'ed anything so I'm not sure if
a chrooted CVS will help prevent direct repo access
but it may still be worth looking into.
--- End of forwarded message from [EMAIL PROTECTED]
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
