cvs and security

To: Debian user mailing list <debian-user@lists.debian.org>
Subject: cvs and security
From: Peter Jay Salzman <p@dirac.org>
Date: Tue, 27 Nov 2001 09:47:30 -0800
Message-id: <[🔎] 20011127094730.A11934@dirac.org>

hi all,

i'd like to set up a cvs repository for remote users.

i recently found that cvs ssh access seems to require that i give remote
users a shell account on my computer.  

but i've heard that pserver is very insecure.

i don't know what to do.   one thing is for damn sure.  i don't want people
having shell accounts on my machine.

is pserver really as insecure as i've heard?

is there a way to use ssh for cvs without giving people shell access on my
machine?   giving user cvs a shell of /bin/false seems to screw up cvs.

help!!

pete

-- 
PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
PGP Public Key:  finger p@dirac.org

Reply to:

Follow-Ups:
- Re: cvs and security
  - From: "Richard Seymour,,," <rseymour@anarchysoftware.com>
- Re: cvs and security
  - From: martin f krafft <madduck@madduck.net>

Prev by Date: Re: Upgrading to 2.2r4 from 2.2r3
Next by Date: Re: Has anyone built Nautilus 1.0 on Woody?
Previous by thread: urgent wdm security issue (woody & sid only)
Next by thread: Re: cvs and security
Index(es):
- Date
- Thread