[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: How best to secure CVS?
From: |
Larry Jones |
Subject: |
Re: How best to secure CVS? |
Date: |
Thu, 8 Nov 2001 11:00:22 -0500 (EST) |
Greg A. Woods writes:
>
> [ On Wednesday, November 7, 2001 at 12:36:15 (-0800), Villalovos, John L
> wrote: ]
> > Subject: How best to secure CVS?
> >
> > Can a user who has a CVS account gain root
> > access on a system running pserver?
>
> That's less likely, but not the real point of CVS security.
If you use pserver and don't correctly protect the CVSROOT/passwd file,
it's trivially easy.
The bottom line is that there are lots of different kinds of security
and you need to decide exactly what it is that *you* mean by it before
you can make any kind of decisions about whether a particular use of CVS
is/isn't, or can/can't be made, "secure".
-Larry Jones
Let's just sit here a moment... and savor the impending terror. -- Calvin