[ On Tuesday, May 29, 2001 at 13:59:09 (-0400), Derek R. Price wrote: ]
> Subject: Re: Linux security issues as they pertain to CVS
>
> > Yeah, and there's "nc -l" too.  But is either going to work in a
> > production environment in a development shop?  I doubt it....
> 
> Why not?

One problem is that as a sysadmin if I saw "ined-derek" running on my
machine I'd kill it first and ask questions later....

> > I'll bet it'll bring any sane and knowledgeable security officer down so
> > hard on your head too that you won't even know what hit you.
> 
> Why?

First off you're offering a new network service, and even if it's only
on the internal network you'd better bet the security guys want to know
what it's all about.

Secondly once they find out what you're actually running they'll be all
over you to accept full responsibility for everything in your repository
as if you wrote it yourself (since you have no proof that you didn't and
you don't even have any proof of who might have).

-- 
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <[EMAIL PROTECTED]>     <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>;   Secrets of the Weird <[EMAIL PROTECTED]>

_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
