Re: Proposal: have client CVS send remote username to server CVS

[Greg A. Woods]

[ On Thursday, June 8, 2000 at 17:27:05 (-0400), Noel L Yap wrote: ]
> Subject: Re: Proposal: have client CVS send remote username to server CVS
>
> My point was that, using this method, CVS will treat each of the many users as
> the one system user.  Pserver doesn't do that.  You can map many CVS users to
> one user and CVS will know them by their CVS username, not their system name.

Ah yes, but cvs-pserver can only map to multiple different system users
if you run it as root, which no matter what anyone says is extremely
risky.  Many (most?) systems foolishly allow a process to regain its
former privileges if great care is not taken, and on some I understand
it is not even possible to prevent such re-instatement, thereby leaving
CVS open to exploit throughout its entire body of un-audited code.

If you run cvs-pserver as an ordinary system user then you cannot map
CVS identities to any other system user.

-- 
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <[EMAIL PROTECTED]>      <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>