From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/10118
Path: main.gmane.org!not-for-mail
From: Lars Magne Ingebrigtsen <larsi@ifi.uio.no>
Newsgroups: gmane.emacs.gnus.general
Subject: Re: CVS'r'us
Date: 07 Mar 1997 00:00:13 +0100
Sender: larsi@proletcult.slip.ifi.uio.no
Message-ID: <m2sp28d3sy.fsf@proletcult.slip.ifi.uio.no>
References: <m2n2si973h.fsf@proletcult.slip.ifi.uio.no> <qw64teqmvau.fsf@esmeralda.enst.fr> <m23eu9hdqb.fsf@proletcult.slip.ifi.uio.no> <vafhgipfi77.fsf@ls6.informatik.uni-dortmund.de> <m23eu8et6n.fsf@proletcult.slip.ifi.uio.no> <vaf3eu8eoex.fsf@ls6.informatik.uni-dortmund.de>
NNTP-Posting-Host: coloc-standby.netfonds.no
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: main.gmane.org 1035150040 22483 80.91.224.250 (20 Oct 2002 21:40:40 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Sun, 20 Oct 2002 21:40:40 +0000 (UTC)
Return-Path: <ding-request@ifi.uio.no>
Original-Received: from ifi.uio.no (0@ifi.uio.no [129.240.64.2])
	by deanna.miranova.com (8.8.5/8.8.5) with SMTP id RAA19164
	for <steve@miranova.com>; Thu, 6 Mar 1997 17:11:26 -0800
Original-Received: from proletcult.slip.ifi.uio.no (root@ppp18.larris.ifi.uio.no [129.240.68.118]) by ifi.uio.no with ESMTP (8.6.11/ifi2.4) 
	id <BAA07446@ifi.uio.no> for <ding@ifi.uio.no> ; Fri, 7 Mar 1997 01:50:49 +0100
Original-Received: (from larsi@localhost) by proletcult.slip.ifi.uio.no (8.8.2/8.8.2) id AAA03684; Fri, 7 Mar 1997 00:00:17 +0100
Mail-Copies-To: never
Original-To: ding@ifi.uio.no
In-Reply-To: Kai Grossjohann's message of 06 Mar 1997 21:49:42 +0100
Original-Lines: 26
X-Mailer: Gnus v5.4.20/Emacs 19.34
X-Face: &w!^oO<W.WBH]FsTP:P0f9X6M-ygaADlA_)eF$<UwQzj7:C=Gi<a?/_4$LX^@$Qq7-O&XHp
 lDARi8e8iT<(A$LWAZD*xjk^')/wI5nG;1cNB>~dS|}-P0~ge{$c!h\<y
Xref: main.gmane.org gmane.emacs.gnus.general:10118
X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:10118

Kai Grossjohann <grossjohann@ls6.informatik.uni-dortmund.de> writes:

> My CVS manual (version 1.9) contains a section "Remote repositories".
> It mentions password authentication, too.

I've now fetched the full cvs distribution, and have the info file.
It says:

----------
The separate CVS password file (*note Password authentication
server::.) allows people to use a different password for repository
access than for login access.  On the other hand, once a user has
access to the repository, she can execute programs on the server system
through a variety of means.  Thus, repository access implies fairly
broad system access as well.  It might be possible to modify CVS to
prevent that, but no one has done so as of this writing.  Furthermore,
there may be other ways in which having access to CVS allows people to
gain more general access to the system; noone has done a careful audit.
----------

This sounds like something that one doesn't want to have on a systems
that's supposed to be secure, doesn't it?

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@ifi.uio.no * Lars Ingebrigtsen