[EMAIL PROTECTED] on 2000.08.09 00:25:31
>On Tue, Aug 08, 2000 at 02:53:30PM -0400, Greg A. Woods wrote:
>> [ On Monday, August 7, 2000 at 23:14:36 (-0400), Justin Wells wrote: ]
>> > Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>> >
>> > If that's all you want to accomplish it wouldn't be much work to move the
>> > pserver code out of CVS into a binary called pserver which performs an
>> > exec() after reading the authorization block. Isn't this what nserver does?
>> >
>> > I think that's a good idea. Less code to audit.
>>
>> Hmmm... yeah, and guess what SSH does too!
>
>And if ssh spoke pserver protocol that would be great. Duh.

From Derek Price:
>Have you considered using SSH, port forwarding, and pserver?  I think you could
>wrap CVS in something like the following:
>
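>    #!/bin/sh
>    # Start the tunnel in the background (-f); it stays up while the forward is in use
>    ssh -f -L 30100:localhost:cvspserver remotehost.net sleep 10
>    # Talk pserver to the local end of the tunnel
>    CVSPORT=30100 cvs -d:pserver:$USER@localhost:/cvsroot "$@"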

I haven't tried it myself, though, so I can't vouch for it.

>Unless you're talking about recent versions of Linux, FreeBSD, or Solaris
>I really don't give a damn. Add some documentation warning people of the
>risk. I don't subscribe to your philosophy that all humans are morons and
>can't do their own risk analysis. I believe in giving capable people the
>tools they need to get the job done.

It has been shown that people opt for convenience rather than security, and it's
extremely convenient not to read documentation about security.

Noel



