From: Lars Magne Ingebrigtsen <larsi@ifi.uio.no>
Subject: Re: CVS'r'us
Date: 07 Mar 1997 00:00:13 +0100 [thread overview]
Message-ID: <m2sp28d3sy.fsf@proletcult.slip.ifi.uio.no> (raw)
In-Reply-To: Kai Grossjohann's message of 06 Mar 1997 21:49:42 +0100
Kai Grossjohann <grossjohann@ls6.informatik.uni-dortmund.de> writes:
> My CVS manual (version 1.9) contains a section "Remote repositories".
> It mentions password authentication, too.
I've now fetched the full cvs distribution, and have the info file.
It says:
----------
The separate CVS password file (*note Password authentication
server::.) allows people to use a different password for repository
access than for login access. On the other hand, once a user has
access to the repository, she can execute programs on the server system
through a variety of means. Thus, repository access implies fairly
broad system access as well. It might be possible to modify CVS to
prevent that, but no one has done so as of this writing. Furthermore,
there may be other ways in which having access to CVS allows people to
gain more general access to the system; noone has done a careful audit.
----------
This sounds like something that one doesn't want to have on a systems
that's supposed to be secure, doesn't it?
--
(domestic pets only, the antidote for overdose, milk.)
larsi@ifi.uio.no * Lars Ingebrigtsen
next prev parent reply other threads:[~1997-03-06 23:00 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
1997-03-05 6:38 CVS'r'us Lars Magne Ingebrigtsen
1997-03-05 7:49 ` CVS'r'us Steven L Baur
1997-03-05 9:56 ` CVS'r'us Lars Balker Rasmussen
1997-03-05 7:49 ` CVS'r'us Steven L Baur
1997-03-05 11:29 ` CVS'r'us Samuel Tardieu
1997-03-06 3:59 ` CVS'r'us Lars Magne Ingebrigtsen
1997-03-06 10:06 ` CVS'r'us Kai Grossjohann
1997-03-06 19:06 ` CVS'r'us Lars Magne Ingebrigtsen
1997-03-06 20:38 ` CVS'r'us Scott Blachowicz
1997-03-06 20:49 ` CVS'r'us Kai Grossjohann
1997-03-06 23:00 ` Lars Magne Ingebrigtsen [this message]
1997-03-07 9:57 ` CVS'r'us Kai Grossjohann
1997-04-03 17:24 ` CVS'r'us Brian Edmonds
1997-04-04 19:26 ` CVS'r'us Lars Magne Ingebrigtsen
1997-04-04 21:06 ` CVS'r'us Steven L Baur
1997-04-05 10:46 ` CVS'r'us Lars Magne Ingebrigtsen
1997-04-06 1:09 ` CVS'r'us Brian Edmonds
1997-04-06 17:44 ` CVS'r'us Lars Magne Ingebrigtsen
1997-04-07 1:51 ` CVS'r'us Tony Bennett
1997-04-08 20:59 ` CVS'r'us Lars Magne Ingebrigtsen
1997-04-06 13:58 ` CVS'r'us Kai Grossjohann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m2sp28d3sy.fsf@proletcult.slip.ifi.uio.no \
--to=larsi@ifi.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).