"TW" == Tobias Weingartner [EMAIL PROTECTED] writes:
Unfortunately the way Unix is written there is no other way to gain
access to setgid. If there were, my problem would be solved. If CVS had
some other kind of group access control technology in it that would also
solve my problem, but it
"LJ" == Larry Jones [EMAIL PROTECTED] writes:
I've patched CVS 1.10.8 so that it supports a new command line option:
cvs --chroot /some/chroot/root/
LJ Why do you want to add a command line option to CVS rather than just
LJ using /usr/sbin/chroot in inetd.conf to run CVS?
Because single
[ On Saturday, August 5, 2000 at 15:49:21 (-0400), Justin Wells wrote: ]
Subject: Re: patch to make CVS chroot
WinCVS works very well with SSH on NT -- I've no experience with Win9x,
It most certainly does not!
It does. Even I could make it work with a very tiny amount of effort
and I've
[ On , August 6, 2000 at 11:21:35 (+0400), Alexey Mahotkin wrote: ]
Subject: Re: patch to make CVS chroot
Because single cvspserver can serve several repositories.
Not securely it cannot! ;-)
--
Greg A. Woods
+1 416 218-0098
[ On , August 6, 2000 at 11:12:01 (+0400), Alexey Mahotkin wrote: ]
Subject: Re: patch to make CVS chroot
Because when you are sourceforge.net and there are several (tens) thousands
of developers, things change it seems to me.
My meager little tiny systems can support millions of users (so
On Sun, Aug 06, 2000 at 12:54:09PM -0400, Greg A. Woods wrote:
Something that's been proven to work in production in professional
software development shops around the world obviously isn't ``vapourware''!
Take off the "professional software development shop" training wheels and
try to solve
In article [EMAIL PROTECTED],
[EMAIL PROTECTED] (Greg A. Woods) writes:
See the recent thread on BUGTRAQ where someone "exposed" the
insecurities of cvspserver.
No. That's *not* cvspserver problem.
First half is a general server problem not restricted to cvspserver
and last half is client
"GAW" == Greg A Woods [EMAIL PROTECTED] writes:
http://alexm.here.ru/cvs-nserver/
That looks like a really good idea.
GAW Be warned that if used in the scenario where it provides "virtual
GAW repositories" it suffers the exact same design flaws (and is thus
GAW at least equally insecure) as
The --chroot flag also significantly reduces the risk here as well. Only
those executables you place into the chroot area are available for use. If
you don't need scripts in your CVS installation you could also do without
having any binaries at all--you could even place the chroot root in on
a
Josh Walker
Behavioral Technology Labs
http://btl.usc.edu
"Better Living Through Simulation"
[ On Monday, August 7, 2000 at 00:09:47 (+0400), Alexey Mahotkin wrote: ]
Subject: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
GAW See the recent thread on BUGTRAQ where someone "exposed" the
GAW insecurities of cvspserver.
I've always thought that this is not
[ On Sunday, August 6, 2000 at 18:47:33 (-0400), Justin Wells wrote: ]
Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
The --chroot flag also significantly reduces the risk here as well. Only
those executables you place into the chroot area are available for
[ On , August 7, 2000 at 03:51:42 (+0900), Tanaka Akira wrote: ]
Subject: Re: patch to make CVS chroot
In article [EMAIL PROTECTED],
[EMAIL PROTECTED] (Greg A. Woods) writes:
See the recent thread on BUGTRAQ where someone "exposed" the
insecurities of cvspserver.
No. That's *not*
I thought I was staring at the check.logs from some failed sanity.sh
runs for way too long before spotting the lines which failed to match.
Anyway, I wrote this script to solve the problem. It'll take the path
to a check.log as an argument and tell you what's wrong with one of the
patterns in
Whoops. I included the script this time. Might be nice in contrib. Or
better yet, in sanity.sh so that the script automatically goes back and
runs a line-by-line pattern check when the first one fails. Maybe I'll
go back and do that later.
Derek
--
Derek Price CVS
On Sun, Aug 06, 2000 at 07:37:56PM -0400, Greg A. Woods wrote:
If someone breaks your hacked chroot patch they will, by your design,
have superuser privileges, at which point chroot is meaningless because
anyone capable of doing the first crack will snuff your chroot in mere
seconds and
On Sun, Aug 06, 2000 at 07:11:07PM -0400, Greg A. Woods wrote:
No, the flaw in cvspserver is that it effectively merges the identities
of all unique users into one system level identity.
Uhh.. no. Read up on pserver. It performs a setuid/setgid to the user id
of the user logging in to it.
Hi, dear experts,
I have run into an "end of the file from server" problem. Below is my
environment:
server: NT 4.0, cvs NT 1.10.8 from
client: win98, wincvs 1.13b,
The network configuration here is rather complex. My win98 acts as an NT
client; its home domain is domain1.
the cvs NT server is
On Sun, Aug 06, 2000 at 07:53:43PM -0400, Greg A. Woods wrote:
Yes, it is a cvspserver problem, and *only* a cvspserver problem. The
number and consequences of bugs in any version of CVS not using
cvspserver are totally irrelevant from a security point of view because
the only way they can
19 matches