info-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: what's to stop a developer from nuking the repository?

From: Greg A. Woods
Subject: Re: what's to stop a developer from nuking the repository?
Date: Wed, 21 Jan 2004 01:52:51 -0500 (EST) 
[ On Tuesday, January 20, 2004 at 14:02:19 (-0600), johnny fulcrum wrote: ]
> Subject: Re: what's to stop a developer from nuking the repository?
>
> Is there more than one way to run Pserver?

Of course.

>  All my pserver users have 
> accounts on the unix box (err "unix network") and they have to suplly a 
> username and password to "cvs login" (most of them are wincvs users).
> 
> how does this not give the same accountability as telnet or rlogin?  

CVS is not a security application, was not designed as a security
application, and despite recent hackish patches is not implemented as a
security application.  CVS does not provide the same level of
authentication, and not even remotely the same level of authorization
control, as RSH does.  It is entirely trivial for pserver users to forge
their identity.

-- 
                                                Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <address@hidden>
Planix, Inc. <address@hidden>          Secrets of the Weird <address@hidden>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]