* Dimitri Maziuk <dmaziuk@yola.bmrb.wisc.edu> [2001.11.29 16:16:48-0600]: > You are still missing the point. Hopefully, you've read my post by > now, but I'll reiterate. > > CVS documentation states that pserver plus write access to CVS > repository can be subverted to execute arbitrary code on the > server. The point of using ssh is to get rid of pserver, not > to encrypt the actual downloads (that would be rather pointless, > no?) Of course ssh will still do the encryption, but that's > just a side-effect. i think i actually did miss this point. i know how you can exploit this, but it's only applicable if you *do* actually have write access, which would be pretty foolish in an anonymous setup. -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck sum quod eris.
Attachment:
pgpL3SKhGIfA4.pgp
Description: PGP signature