In article <[EMAIL PROTECTED]>,
Tony Hoyle <[EMAIL PROTECTED]> writes:
> > I found a security problem that cvs server can instruct to create any
> > file at any locaiton in client machine.
> >
> ...which is exactly why you should never checkout as root.
Yes. Of cource.
> For normal users this isn't a problem as they can only write to their home
>directories and /tmp
> anyway.
No. There are many important files such as ~/.rhosts, ~/.ssh/*, ~/.cshrc, ~/.profile,
...
If they are cracked, a cracker can login to client machine or execute any commands.
--
Tanaka Akira
