[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVS security question
|
From: |
Greg A. Woods |
|
Subject: |
Re: CVS security question |
|
Date: |
Wed, 4 Feb 2004 15:36:02 -0500 (EST) |
[ On Tuesday, February 3, 2004 at 13:05:57 (-0800), Pankaj Garg wrote: ]
> Subject: Re: CVS security question
>
> I wonder why do we not CVS has a server which run with SUID (Super User ID)
> and only it can access repository.
Because CVS is not a security tool, nor is it "security aware".
What you want to do can be done entirely with SSH and SSH was designed
to do exactly that sort of thing.
CVS is a user tool -- no different in its conceptual function than "vi"
or "cat". You sure wouldn't want a client/server version of "vi" to be
authanticating and authorising the client's actions, but you could and
should easily use SSH to make the connection between the client and
server parts of such a tool.
--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <address@hidden>
Planix, Inc. <address@hidden> Secrets of the Weird <address@hidden>
- CVS security question, Pankaj Garg, 2004/02/03
- RE: CVS security question, Jim.Hyslop, 2004/02/03
- RE: CVS security question, Matthew . Riechers, 2004/02/03
- RE: CVS security question, Mark Jaffe, 2004/02/03
- RE: CVS security question, Rick Genter, 2004/02/03
- Re: CVS security question, Pankaj Garg, 2004/02/03
- RE: CVS security question, Patton, Matthew E., CTR, OSD-PA&E, 2004/02/03