[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: How 2 Secure the repository?
From: |
Greg A. Woods |
Subject: |
RE: How 2 Secure the repository? |
Date: |
Mon, 11 Mar 2002 14:43:51 -0500 (EST) |
[ On Monday, March 11, 2002 at 13:42:30 (-0500), Vishal Jain wrote: ]
> Subject: RE: How 2 Secure the repository?
>
> CVS bin : setgid "cvs" binary, setting permission as user:cvsadmin
I would not do that if I were you. CVS is a big hunk of code that was
not designed to run with set-ID enhanced privileges. There are also
probably a dozen or more places for a trojan to be put in the way of an
authorised administrator.
--
Greg A. Woods
+1 416 218-0098; <address@hidden>; <address@hidden>; <address@hidden>
Planix, Inc. <address@hidden>; VE3TCP; Secrets of the Weird <address@hidden>