Matthias Stolt writes:
>
> are there any know security problem with CVS (or TCP/IP port number 2401)?
Lots, but they mainly pertain to servers, not clients.
> I want to use CVS in the following way: Inside a firewall there are several
>developer who need to
> contact a CVS repository on a server in the internet. We must open the port 2401. Is
>this "dangerous"?
So we're talking about clients, not servers. Since the clients connect
to the server, you only need to open the port for outbound connections,
which eliminates most of the security concerns. About the worst thing
that could happen is that, if one of your users could be persuaded to
connect to a renegade server (none of which have ever been reported to
exist), it could have the client try to create, delete, or modify some
arbitrary file. Unless you have little or no system security, this
might cause problems for the user (who, one could argue, probably
deserves them), it shouldn't cause any problems for the system or
network.
> Our network-administrator is very afraid about this issue.
A healthy dose of paranoia is good for system and network
administrators, but one shouldn't let that stand in the way of using the
sytem and network for their intended purposes.
-Larry Jones
I hate it when they look at me that way. -- Calvin
