[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: "cvs server" accepts but ignored --allow-root
From: |
Derek Robert Price |
Subject: |
Re: "cvs server" accepts but ignored --allow-root |
Date: |
Fri, 22 Nov 2002 08:15:58 -0500 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 |
Tim Riker wrote:
Not sure how to do a test for this. src/sanity.sh does one rsh test,
but I don't think you can alter the command it runs on the other end?
I believe it does "cvs server" and I need it to do "cvs server
--allow-root ${CVSROOT_DIRNAME}" which should work. Anything else like
"cvs server --allow-root ${CVSROOT_DIRNAME}/foo" should get an error
when the client tries to choose a different path.
The current state is that "cvs server --allow-root
${CVSROOT_DIRNAME}/foo" _will_ allow setting the dirname to anything
and will completely ignore the --allow-root without a warning or error
message.
CVS_SERVER cannot contain arguments, correct? I suppose you could
create a script like:
#!/bin/bash
exec cvs --allow-root /path/from/cvsroot_dirname $*
and then put the scriptname in CVS_SERVER?
Testing over rsh should work, but is kind of silly. I suppose an admin
might provide a cvs wrapper as above and hide the real cvs binary.
This really is used with ssh authorized_keys as explained in the
original message.
Testing over RSH should be fine - CVS_SERVER can be set on the client
end and CVS will use the same code whether executed by SSH or RSH. No
security restrictions are necessary in the tests scripts - you know what
you told it to run - the test isn't like a user who might try and change it.
You might also try running something akin to the pserver, server, and
server2 tests - those exec `cvs --allow-root=X pserver' and `cvs server'
on the command line then feed fake protocol data in on stdin and read
stdout to see if they are working properly. You could probably cut and
paste a few of those tests even, as long as you added one that got the
failure message. I think you need to test three cases - a working
checkout without --allow-root specified, a working checkout with
--allow-root specified, and a forbidden checkout with --allow-root
specified.
Derek
--
*8^)
Email: derek@ximbiot.com
Get CVS support at <http://ximbiot.com>!
--
HAMLET No, not I.
I never gave you aught.
OPHELIA
My honoured lord, you know right well you did,
And with them words of so sweet breath composed
As made the things more rich. Their perfume lost,
Take these again. For to the noble mind
Rich gifts wax poor when givers prove unkind.
There, my lord.
- Hamlet, Act III, Scene 1, Lines 96-102