>>>>> "Tanaka" == Tanaka Akira <[EMAIL PROTECTED]> writes:
    Tanaka> In article <[EMAIL PROTECTED]>,
    Tanaka>   Michael Richardson <[EMAIL PROTECTED]> writes:

    >> Systems that give shells out to people that have write access 
    >> are already open to running programs by clients.
    >> 
    >> So, this really affects people that use :pserver: with write
    >> access.

    Tanaka> The problem also affects a carefully configured :ext: method using ssh.
    Tanaka> It is well known that :pserver: with write access is dangerous because
    Tanaka> it sends the password in plain text, and :ext: using ssh is recommended.

  I did not realize that people had done such things.
  
    Tanaka> But :ext: using ssh has a problem that it provides shell access in
    Tanaka> general.  So a pedantic administrator (like me) disables shell access by
    Tanaka> an option `commands="cvs server"' in authorized_keys (and uses chroot).

  Yes, I've done this. I didn't realize that it required :ext:?? Maybe I just
don't know CVS's newer methods well enough.

  I agree that things should be fixed. I am just not panicked about this.
  
] Train travel features AC outlets with no take-off restrictions|gigabit is no[
]   Michael Richardson, Solidum Systems, on my way to IETF#48   |problem  with[
]     [EMAIL PROTECTED]   www.solidum.com                         |PAX.port 1100[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
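
An added example, not part of the original messages: a small audit of an authorized_keys file for the forced-command restriction discussed in the quoted text. It assumes OpenSSH's option syntax, where the option is spelled `command=` and newer releases also accept `restrict`; the function names, sample keys and user names are constructed.

```python
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")
# Restrictions that should accompany a forced command (or the single "restrict").
WANTED = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}

def split_options(line):
    """Return (options dict, rest); options end at the first unquoted whitespace."""
    if line.startswith(KEY_TYPES):           # entry has no options field
        return {}, line
    items, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            cur, i = cur + '"', i + 1        # \" is a literal quote inside a value
        elif ch == '"':
            quoted = not quoted
        elif not quoted and ch in ", \t":
            items.append(cur)
            cur = ""
            if ch != ",":
                break                        # whitespace: the key type follows
        else:
            cur += ch
        i += 1
    else:
        items.append(cur)
    pairs = (item.partition("=") for item in items if item)
    return {name.lower(): value for name, _, value in pairs}, line[i:].strip()

def audit(text, expected="cvs server"):
    """List (line number, finding) for keys not pinned to the expected command."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, _ = split_options(line)
        missing = sorted(WANTED - set(opts))
        if "command" not in opts:
            findings.append((n, "no forced command: key grants a full shell"))
        elif opts["command"] != expected:
            findings.append((n, f"forced command is {opts['command']!r}"))
        elif missing and "restrict" not in opts:
            findings.append((n, "missing " + ",".join(missing)))
    return findings

# Constructed sample; key material and user names are placeholders.
SAMPLE = '''\
command="cvs server",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3Nza...constructed alice
ssh-rsa AAAAB3Nza...constructed bob
command="cvs server" ssh-ed25519 AAAAC3Nza...constructed carol
command="/bin/sh -c \\"cvs server\\"",restrict ssh-rsa AAAAB3Nza...constructed dave
'''
print(*audit(SAMPLE), sep="\n")
```

The check only covers how each key is restricted at the SSH layer; as the thread points out, what the CVS server itself can be made to run is a separate question.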
