Re: Suppressing log suppression (down with the -l switch)
From: Derek Robert Price
Subject: Re: Suppressing log suppression (down with the -l switch)
Date: Fri, 30 May 2003 09:05:39 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02

Paul Edwards wrote:

> "Derek Robert Price" <derek@ximbiot.com> wrote in message
> news:mailman.7021.1054234818.21513.bug-cvs@gnu.org...
>
> > Done. Any opinions on whether I should back-port that to 1.11.x? I
> > think I could look at this as a security fix and I don't think the
> > change was invasive enough to affect stability, but I'm not too worried
> > about it.
>
> Yes, I think 1.11.x should have integrity if reasonably possible.

Okay. Two yeas, no nays. Should be checked in in a few seconds.

> Suitable for use by a company that can "absolutely guarantee"
> that they know exactly what happened to their source code at
> every step of the way, not subject to the whim of cowboys.
> Unless there is already a plethora of integrity holes in CVS so
> there's really no point?

Well, yes and no. A knowledgeable sysadmin can nail down the permissions
& access pretty tight if they want, but out-of-the-box pserver is pretty
vulnerable to a malicious attack.

> But I'm not aware of any myself (not
> that I've looked). I can remember a very long time ago I used
> to have to disable the admin command to stop people from
> being able to do things like remove revisions. I don't know if
> use of that command is now able to be restricted.

If a cvsadmin group exists on the server, only users who are members of
the group may run `cvs admin' commands, with the exception of -k in
1.11.x and with the exception of any commands specified by
UserAdminCommands= in the CVSROOT/config file in 1.12.x.

> Where I'm working at the moment, I'm a programmer, not CM,
> so I don't have to worry about security risks, the entire
> repository can be wiped out by my colleagues any time they
> want.

Well, that's what tape backups are for. Even friendly colleagues have
been known to call `dirname` on a path in a script one too many times
before running `rm -rf $path` as root.

> I'm nominally supposed to be using PVCS. Basically
> I use CVS as a precursor to using PVCS, and no-one has
> sacked me for doing so. Yet. :-)

Well, good to hear it and good luck. :)

Derek
--
*8^)
Email: derek@ximbiot.com
Get CVS support at <http://ximbiot.com>!
--
There are plenty of businesses like show business.
There are plenty of businesses like show business.
There are plenty of businesses like show business...
- Bart Simpson on chalkboard, _The Simpsons_
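
One way to audit the `cvs admin` restriction described in the message above, added here as an example and not part of the original post or of the CVS project: the function reads a copy of the server's group file and of CVSROOT/config and reports whether the cvsadmin restriction is in effect, who is listed in the group, and what the config allows for everyone else. The function name, output labels and sample file contents are assumptions, and the config keyword defaults to the spelling used in the message, so confirm it against the documentation for your CVS version.

```shell
#!/bin/sh
# Added example: audit who may run `cvs admin` under the rule described above.
# Usage: cvs_admin_policy GROUP_FILE CONFIG_FILE [KEY]
#   GROUP_FILE   /etc/group-format file taken from the CVS server
#   CONFIG_FILE  copy of the repository's CVSROOT/config
#   KEY          config keyword to report (assumption: defaults to the
#                spelling used in the message; verify for your CVS version)
cvs_admin_policy() {
    group_file=$1
    config_file=$2
    key=${3:-UserAdminCommands}

    # Group line format: name:passwd:gid:member,member,...
    group_line=$(grep '^cvsadmin:' "$group_file" 2>/dev/null | head -n 1)
    if [ -z "$group_line" ]; then
        # No cvsadmin group, so the membership restriction is not in effect.
        echo "restricted=no"
        return 0
    fi
    echo "restricted=yes"
    # Accounts whose primary group is cvsadmin appear in passwd, not here.
    members=$(printf '%s\n' "$group_line" | cut -d: -f4)
    echo "members=${members:-none-listed}"

    # Take the last uncommented KEY=value line and trim trailing whitespace.
    pattern="^[[:space:]]*${key}[[:space:]]*="
    if grep -q "$pattern" "$config_file" 2>/dev/null; then
        value=$(sed -n "s/${pattern}[[:space:]]*//p" "$config_file" |
                tail -n 1 | sed 's/[[:space:]]*$//')
        echo "nonmember_options=${value:-empty}"
    else
        echo "nonmember_options=unset"
    fi
}

# Constructed sample input (not taken from any real server).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'staff:x:50:alice,bob,carol\ncvsadmin:x:900:alice\n' > "$demo_dir/group"
printf '# CVSROOT/config\nSystemAuth=no\nUserAdminCommands=k\n' > "$demo_dir/config"
cvs_admin_policy "$demo_dir/group" "$demo_dir/config"
```

A result of `restricted=no` means the group is absent from the file that was checked, which is the situation where every user with repository access can run `cvs admin`.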