Well, since I understand SSH way better than what goes on with inetd, it's very
possible for me to set up pserver CVS in such a way that it's much more insecure
than what I had thought.

Noel




[EMAIL PROTECTED] on 2000.06.09 10:46:43

To:   [EMAIL PROTECTED]
cc:   (bcc: Noel L Yap)
Subject:  Re: Proposal: have client CVS send remote username to server CVS




Greg A. Woods writes:
>
> Many (most?) systems foolishly allow a process to regain its
> former privileges if great care is not taken, and on some I understand
> it is not even possible to prevent such re-instatement, thereby leaving
> CVS open to exploit throughout its entire body of un-audited code.

Most systems are not quite so foolish -- I've never heard of one that
didn't have an exception for root such that once you give it away you
can't get it back.

-Larry Jones

Well of course the zipper's going to get stuck if everyone
stands around WATCHING me! -- Calvin
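
Added example, not part of the original thread and not CVS code: a permanent privilege drop in C that also verifies the point under discussion by trying to take root back after the drop. The function names and the fallback id 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if the process is fully at uid/gid and cannot get root back. */
int privileges_are_gone(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid) return 0;
    if (getgid() != gid || getegid() != gid) return 0;
    /* A saved set-user-ID of 0 would let either call succeed: that is
     * the "regain former privileges" case, so success here is failure. */
    if (uid != 0 && (seteuid(0) == 0 || setuid(0) == 0)) return 0;
    return 1;
}

/* Drop to uid/gid for good. Returns 0 on success, -1 on any failure;
 * the caller should exit on -1 rather than continue half-dropped. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Groups first: once the uid changes we lose the right to set them. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    /* With effective uid 0, setuid() sets real, effective and saved ids
     * together; without it only the effective id moves. */
    if (setuid(uid) != 0) return -1;
    return privileges_are_gone(uid, gid) ? 0 : -1;
}

int main(void)
{
    /* 65534 ("nobody" on many systems) is an assumed unprivileged id. */
    uid_t uid = geteuid() == 0 ? 65534 : getuid();
    gid_t gid = geteuid() == 0 ? 65534 : getgid();
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed or is reversible\n");
        return 1;
    }
    printf("running as uid %ld, root not recoverable\n", (long)getuid());
    return 0;
}
```

A process that had only lowered its effective uid with seteuid() before calling this would fail the check, because its saved set-user-ID is still 0.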





