In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Greg A. Woods) writes:

> See the recent thread on BUGTRAQ where someone "exposed" the
> insecurities of cvspserver.

No.  That's *not* a cvspserver problem.

The first half is a general server problem not restricted to cvspserver,
and the last half is a client problem.  They do not depend on cvspserver.

I found that the proposed fix for the former problem, or a similar one,
is applied on the sourceforge cvs server via ssh. (The result of
valid-requests doesn't have Checkin-prog or Update-prog.)

I think the cvs distribution should have a similar fix.  You may think
it is meaningless because a cvs server with write access may provide
shell access by definition, though.

Sourceforge tries to forbid executing programs other than the cvs
command on the cvs server machine.  Why shouldn't the cvs distribution
take up a similar challenge?
-- 
Tanaka Akira
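
Added example (not part of the original post, and not code from cvs or SourceForge): a check for the condition mentioned in the post, whether a server's reply to valid-requests still lists Checkin-prog or Update-prog. It assumes the CVS client/server protocol reply shape of a "Valid-requests" line followed by "ok"; the sample replies are constructed and the function names are hypothetical.

```python
# Added example: audit what a CVS server advertises in reply to the
# "valid-requests" request. Names and sample replies are constructed.

RISKY = {"Checkin-prog", "Update-prog"}  # the two requests named in the post


def parse_valid_requests(reply: str) -> set:
    """Return the set of request names advertised in a server reply.

    Raises ValueError if the server answered with an "error" response or
    if no Valid-requests line appears before the terminating "ok".
    """
    advertised = None
    for line in reply.splitlines():
        tokens = line.split()
        if not tokens:
            continue  # skip blank lines
        if tokens[0] == "Valid-requests":
            advertised = set(tokens[1:])  # space-separated request list
        elif tokens[0] == "error":
            raise ValueError("server returned error: " + line)
        elif tokens[0] == "ok":
            break  # end of this response
    if advertised is None:
        raise ValueError("no Valid-requests line in reply")
    return advertised


def risky_requests(reply: str) -> list:
    """Sorted list of program-setting requests the server still advertises."""
    return sorted(parse_valid_requests(reply) & RISKY)


# Constructed sample replies (abbreviated request lists, not captured traffic).
STOCK_REPLY = ("Valid-requests Root Valid-responses valid-requests Directory "
               "Entry Modified Checkin-prog Update-prog ci co update\nok\n")
FILTERED_REPLY = ("Valid-requests Root Valid-responses valid-requests "
                  "Directory Entry Modified ci co update\nok\n")

if __name__ == "__main__":
    for name, reply in (("stock", STOCK_REPLY), ("filtered", FILTERED_REPLY)):
        print(name, risky_requests(reply) or "none advertised")
```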
