[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers-public] Re: 2 security concerns: remote init, and disa
[Savannah-hackers-public] Re: 2 security concerns: remote init, and disabling CVSROOT/passwd
Tue, 8 May 2007 23:08:00 +0200
> > I don't know if you still want the --allow-root-regexp patch merged into
> > 1.12.x, but I found some discussion in the archives and it sounds like
> > we were waiting on documentation and test cases for the change.
I think this is a good way to prevent access to repositories outside
or downside the allowed hierarchy, while keeping it maintainable (no
list of repositories to rebuild), e.g.
Unless there's a better way, here's an updated patch against HEAD :)
Description: Text Data