info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cvs ext (ssh), but no shell access..


From: JacobRhoden
Subject: Re: cvs ext (ssh), but no shell access..
Date: Fri, 26 Sep 2003 08:24:25 +1000
User-agent: KMail/1.5

On Fri, 26 Sep 2003 02:57 am, Rob Helmer wrote:
> 1) permanently delete files under CVS control
> 2) run arbitrary commands (including commands they upload)

> 1 is bad enough, but 2 could allow them (or someone with access to their
> account) to use the server for any manner of attack on other servers
> either inside or outside of your organization.

An important 3, if you work for a large organisation or Bank, the an Audit 
requirement includes that the user must not be able to access the repository 
files because they could edit the file history (ie do dodgy things)

Regards,
Jacob

_______________________
http://rhoden.id.au/




reply via email to

[Prev in Thread] Current Thread [Next in Thread]