[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cvs ext (ssh), but no shell access..
From: |
JacobRhoden |
Subject: |
Re: cvs ext (ssh), but no shell access.. |
Date: |
Fri, 26 Sep 2003 08:24:25 +1000 |
User-agent: |
KMail/1.5 |
On Fri, 26 Sep 2003 02:57 am, Rob Helmer wrote:
> 1) permanently delete files under CVS control
> 2) run arbitrary commands (including commands they upload)
> 1 is bad enough, but 2 could allow them (or someone with access to their
> account) to use the server for any manner of attack on other servers
> either inside or outside of your organization.
An important 3, if you work for a large organisation or Bank, the an Audit
requirement includes that the user must not be able to access the repository
files because they could edit the file history (ie do dodgy things)
Regards,
Jacob
_______________________
http://rhoden.id.au/