savannah-hackers-public
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers-public] Re: 2 security concerns: remote init, and disa


From: Sylvain Beucler
Subject: [Savannah-hackers-public] Re: 2 security concerns: remote init, and disabling CVSROOT/passwd
Date: Tue, 8 May 2007 23:08:00 +0200
User-agent: Mutt/1.5.13 (2006-08-11)

> > I don't know if you still want the --allow-root-regexp patch merged into 
> > 1.12.x, but I found some discussion in the archives and it sounds like 
> > we were waiting on documentation and test cases for the change.

I think this is a good way to prevent access to repositories outside
or downside the allowed hierarchy, while keeping it maintainable (no
list of repositories to rebuild), e.g.
--allow-root-regexp='^/srv/cvs/sources/[^/]+'

Unless there's a better way, here's an updated patch against HEAD :)

-- 
Sylvain

Attachment: allow-root-regexp4.diff
Description: Text Data


reply via email to

[Prev in Thread] Current Thread [Next in Thread]