Hello, Stephen!
> In order to limit checkouts to the modules you need for each
> application you can use the modules file. This is explained in
> the Cederqvist manual.
I couldn't find anything like that in the manual. Maybe I'm missing
something, but it seems that the code in do_module() (file
src/modules.c) doesn't really restrict using directories.
For example:
$ cvs -n rdiff -r0 ../../../../proc
cvs [server aborted]: could not chdir to fd: Permission denied
How do you prevent access to "../../../../proc" using the "modules" file?
If you could give a recipe, it would be very handy for security-aware
sysadmins.
Regards,
Pavel Roskin
