CVS server in a user-mode-linux

To: debian-security@lists.debian.org
Subject: CVS server in a user-mode-linux
From: Bill Allombert <allomber@math.u-bordeaux.fr>
Date: Fri, 19 Dec 2003 17:46:11 +0100
Message-id: <[🔎] 20031219164611.GG25221@seventeen>

Hello Debian-security list,

I have experimented with running an anonymous CVS server inside
user-mode-linux. So far this seems to work well and hopefully should
enhance security a bit. The host kernel has the skas patch.

I use hostfs to mount only the repositories inside the UML.
I have limited the UML memory to 128Mb.

Performance are quite sufficient for the server usage since load stay close
to 0.

The only problem is that the server need write access to the repository
in order to create locks (which are directories, IIUC). I have not yet
find a way to only allows the server to create locks, but to change
nothing else.

Do you have any ideas to improve the security ?

Cheers, [Please CC me]
-- 
Bill. <ballombe@debian.org>

Imagine a large red swirl here.

Reply to:

Follow-Ups:
- Re: CVS server in a user-mode-linux
  - From: "Christian G. Warden" <cwarden@xerus.org>
- Re: CVS server in a user-mode-linux
  - From: Bastian Blank <waldi@debian.org>
- Re: CVS server in a user-mode-linux
  - From: Arthur de Jong <adejong@debian.org>

Prev by Date: Re: Security patches
Next by Date: Re: CVS server in a user-mode-linux
Previous by thread: Re: does chkrootkit properly detect a promisc interface?
Next by thread: Re: CVS server in a user-mode-linux
Index(es):
- Date
- Thread