Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)

Greg A. Woods Wed, 09 Aug 2000 23:56:34 -0700

[ On Wednesday, August 9, 2000 at 19:57:04 (-0400), Justin Wells wrote: ]
> Subject: Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)
>
> Greg was arguing against chroot. He claims it offers *no* improvement in 
> security at all. 

It offers no improvement in the scenario you proposed because the only
thing on your server of value is the repository itself.  You're trying
to lock the user in with the very thing you're trying to protect!

It's also much harder to set up a successful chroot environment without
shooting yourself in the foot, especially the more complex the
application (and CVS in any useful configuration pretty well takes the
cake here) , so in general it's considered less risky to design a
scenario that does not require chroot in the first place.

-- 
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <[EMAIL PROTECTED]>      <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>

Re: cvs-nserver and latest CVS advisory (Was: patch to make CVS chroot)

Reply via email to