savannah-hackers-public

[Savannah-hackers-public] cvs: PamAuth enabled by default sounds like a


From: Sylvain Beucler
Subject: [Savannah-hackers-public] cvs: PamAuth enabled by default sounds like a security risk
Date: Sun, 27 Nov 2005 16:36:08 +0100

Package: cvs
Version: 1:1.12.9-13
Severity: important

The fact PamAuth is enabled by default looks like a security risk:

When I import a repository from a non-Debian system, configured with
SystemAuth=no, I expect CVS not to fall back to the system for
authentication.

But since PamAuth is enabled by default, and was not available on the
non-Debian system (so I am likely not to know about this parameter,
which is incidentally rejected by non-Debian versions of CVS), then
CVS actually does that fallback.

The default value should be the same as SystemAuth; and only if
PamAuth is explicitly specified should CVS take its value into
account.
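
The check below is an added example, not part of the original report or of CVS: it flags an imported `CVSROOT/config` that sets `SystemAuth=no` without pinning `PamAuth`, and contrasts the default described in the report with the default it proposes. The function names, the sample config text and the value handling (lowercased `yes`/`no`) are assumptions made for illustration.

```python
import re

# Constructed sample CVSROOT/config contents (not taken from the report).
IMPORTED = """\
# Set this to "no" if pserver shouldn't check system users/passwords
SystemAuth=no
"""
PINNED = """\
SystemAuth=no
PamAuth=no
"""

_LINE = re.compile(r"^\s*([A-Za-z]+)\s*=\s*(\S+)\s*$")


def parse_config(text):
    """Return {keyword: value} for the Keyword=value lines, skipping comments."""
    settings = {}
    for raw in text.splitlines():
        if raw.lstrip().startswith("#"):
            continue
        match = _LINE.match(raw)
        if match:
            settings[match.group(1)] = match.group(2).lower()
    return settings


def effective_pamauth(cfg, proposed=False):
    """Value PamAuth ends up with when the file may not mention it.

    proposed=False models the behaviour the report describes (enabled by
    default); proposed=True models the report's suggestion that the default
    follow SystemAuth (whose own default in CVS is "yes").
    """
    if "PamAuth" in cfg:
        return cfg["PamAuth"]  # an explicit setting always wins
    return cfg.get("SystemAuth", "yes") if proposed else "yes"


def needs_review(text):
    """True when SystemAuth=no is set but PamAuth is left to the default."""
    cfg = parse_config(text)
    return cfg.get("SystemAuth") == "no" and "PamAuth" not in cfg


if __name__ == "__main__":
    for name, text in (("imported", IMPORTED), ("pinned", PINNED)):
        print(name, "needs review:", needs_review(text))
```
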



