Larry Jones wrote:
So call me "Tanya", hand me a crowbar, and point to the kneecaps! Are we talking crippling by configuration here - disallowing commit scripts and the like? That would be fine, since we want nothing but checkout, checkin, and accounting. Or will I need to do the dirty work inside the codebase, which would be less appealing?Mike Ayers writes:Let me make sure of this. You're saying that even when running only over ssh, in a jail, with a login shell of cvs, someone can still get shell access?
They can't actually get an interactive shell, but unless you criple CVS, they can execute arbitrary commands, which is equivalent.
TiA,
___
| anya
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
