Hello Debian-security list, I have experimented with running an anonymous CVS server inside user-mode-linux. So far this seems to work well and hopefully should enhance security a bit. The host kernel has the skas patch.
I use hostfs to mount only the repositories inside the UML. I have limited the UML memory to 128Mb. Performance are quite sufficient for the server usage since load stay close to 0. The only problem is that the server need write access to the repository in order to create locks (which are directories, IIUC). I have not yet find a way to only allows the server to create locks, but to change nothing else. Do you have any ideas to improve the security ? Cheers, [Please CC me] -- Bill. <[EMAIL PROTECTED]> Imagine a large red swirl here.
