[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers-public] Re: 2 security concerns: remote init, and disa
From: |
Sylvain Beucler |
Subject: |
[Savannah-hackers-public] Re: 2 security concerns: remote init, and disabling CVSROOT/passwd |
Date: |
Tue, 8 May 2007 23:08:00 +0200 |
User-agent: |
Mutt/1.5.13 (2006-08-11) |
> > I don't know if you still want the --allow-root-regexp patch merged into
> > 1.12.x, but I found some discussion in the archives and it sounds like
> > we were waiting on documentation and test cases for the change.
I think this is a good way to prevent access to repositories outside
or downside the allowed hierarchy, while keeping it maintainable (no
list of repositories to rebuild), e.g.
--allow-root-regexp='^/srv/cvs/sources/[^/]+'
Unless there's a better way, here's an updated patch against HEAD :)
--
Sylvain
allow-root-regexp4.diff
Description: Text Data