[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security concern CVSROOT

From: Noel L Yap
Subject: Re: Security concern CVSROOT
Date: Wed, 25 Oct 2000 12:54:01 -0400

You can even set permissions (both traditional permissions and file system ACLs)
on the CVSROOT directory itself to allow/disallow checkouts/checkins of the
stuff within CVSROOT.  There are, however, a couple of files within CVSROOT that
you'll have to be careful of (IIRC, history and valtags).


address@hidden on 2000.10.25 11:45:14

To:   address@hidden
cc:   address@hidden (bcc: Noel L Yap)
Subject:  Re: Security concern CVSROOT

Martin Vogt writes:
> I dont like it that every user can remotely execute commands.
> I like to have the ability that the mkmodules call is protected.
> I like to have a config obtion in CVSROOT which do something like
> this:
> MkModules=/usr/sbin/alertsysadmin_by_mail
> Or as default: leave it blank, then it rebuilds mkmodules.
> CVSROOT is not changed very much, so it is acceptable that
> it is done by some "admin"

The whole point of CVSROOT being part of the repository is that you can
use normal CVS methods to do all of these things.  For example, you can
use system file permissions and/or commitinfo to limit commits (which is
what triggers mkmodules) and you can use loginfo to do notifications.

-Larry Jones

The real fun of living wisely is that you get to be smug about it. -- Hobbes

Info-cvs mailing list

This communication is for informational purposes only.  It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
subsidiaries and affiliates.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]