Best way to plug the CVS Security hole?

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Best way to plug the CVS Security hole?

From:	Mark
Subject:	Best way to plug the CVS Security hole?
Date:	Thu, 13 Dec 2001 07:18:33 -0800 (PST)

What's the best way to disable the update.prog and checkin.prog functionality?
Currently I have commented out 2 REQ lines  in the source that seem to call
this functionality. Is this the best way to do this?

We don't need the functionality and we are running cvs pserver with a non-root
account from inetd.conf.

Can this (disabling that functionality) be made easier to do in the next
release of CVS?

Thanks,

Mark

__________________________________________________
Do You Yahoo!?
Check out Yahoo! Shopping and Yahoo! Auctions for all of
your unique holiday gifts! Buy at http://shopping.yahoo.com
or bid at http://auctions.yahoo.com

[Prev in Thread]

Current Thread

[Next in Thread]

Best way to plug the CVS Security hole?, Mark <=
- Re: Best way to plug the CVS Security hole?, Noel Yap, 2001/12/13

Prev by Date: Re: Wacky "Modified:" dates on checked out files.
Next by Date: Re: Ignoring (binary) files in update/commit
Previous by thread: Visual Basic and case-sensivity
Next by thread: Re: Best way to plug the CVS Security hole?
Index(es):
- Date
- Thread