[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PServer authentication
From: |
Martin Vogt |
Subject: |
Re: PServer authentication |
Date: |
Fri, 13 Oct 2000 17:03:06 +0200 |
User-agent: |
Mutt/1.2.5i |
On Fri, Oct 13, 2000 at 10:42:17AM -0400, Larry Jones wrote:
> Mike Castle writes:
> >
> > I was always under the impression the those using OpenBSD were doing so for
> > security reasons. And pserver is far from secure!
>
> As long as all the users have shell accounts on the server, a typical
> pserver installation won't allow them to do anything they couldn't do
> from the shell account. pserver is only a security problem when you
> want to allow access to untrusted users.
>
And as long as you dont run cvs as "root" from inetd.
This is _very_ important, otherwise add passwd to the checkoutlist
(when you have write access) add root:apasswd:root and add
an xterm -display hackerHome:0 to the commitlog, voila: root shell.
If you want multiple repositories on one server use setuid wrappers.
Martin
- PServer authentication, Martin Foster, 2000/10/12
- Re: PServer authentication, Mike Castle, 2000/10/12
- Re: PServer authentication, Martin Foster, 2000/10/12
- Re: PServer authentication, Larry Jones, 2000/10/13
- Re: PServer authentication, Mike Castle, 2000/10/13
- Re: PServer authentication, Greg A. Woods, 2000/10/13
- Re: PServer authentication, Derek R. Price, 2000/10/17