info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cvs 1.11.2 and pserver on Linux


From: Larry Jones
Subject: Re: cvs 1.11.2 and pserver on Linux
Date: Wed, 8 May 2002 10:56:08 -0400 (EDT)

Zanabria, Moises writes:
> 
> yep,  I've compiled with SETXID_SUPPORT, I've modified main.c running it
> setuid, I just added line to main.c near the beginning:
> 
> setuid(geteuid());
> 
> like FAQ file it recommends.

Huh?  The FAQ says that might help you run setuid (not setgid), but
discourages it.  SETXID_SUPPORT is intended to help you run setgid.  For
setgid, the FAQ says to add:

        setgid(getegid());

near the front of main, but that advice predates SETXID_SUPPORT -- if
you're compiling with SETXID_SUPPORT you *don't* want to add that line.

> here is my cvs binary permissions:
> -rwxr-sr-x    1 root     p3cvsg    1557704 May  6 15:49 /usr/bin/cvs

OK, so CVS is setgid to p3cvsg.  The SETXID_SUPPORT code is only
effective if it can tell that CVS is setgid, which it does by comparing
the real and effective group IDs.  That means that you must configure
[x]inetd to run CVS as some group other than p3cvsg for it to work
correctly.

-Larry Jones

How am I supposed to learn surgery if I can't dissect anything? -- Calvin



reply via email to

[Prev in Thread] Current Thread [Next in Thread]