On 12/18/03 14:26:26, Derek Robert Price wrote: > Hash: SHA1 > > The idea of both is to make it harder to overwrite the CVSROOT/passwd > file and gain root. I've actually just commited a fix that will be > released soon with 1.11.11 & 1.12.5 which causes CVS to refuse to > continue running if the system user specified in CVSROOT/passwd maps to > root, but that doesn't stop anyone with write access to the > CVSROOT/passwd file from assuming any other UID they'd like.
I posted a patch long ago that did just this for pserver connections. If the mapped name correlates to root (uid 0) then access is denied. Go for it. -- Mike Sutton SAIC Division 397 (937) 431-2273 FAX ext. 2297 [EMAIL PROTECTED] _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
