httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: CVS Access?
Date Tue, 17 Jun 1997 15:15:06 GMT
> I don't trust it.  I guess the main thing I don't trust is CVS's remote
> server that is started as root before switching to whatever uid.  Since
> that is running on taz anyway, it shouldn't hurt too much to provide this
> type of read only access.   

But, do you have any basis for this lack of trust?

It simply does a setuid (pw->pw_uid); along with setting USER and LOGNAME
env variables.  This is exactly how most people run Apache.  And Apache 
simply does a setuid() as well.  Why trust one less than the other?

Have a look at the CVS server.c file.  It isn't very complicated, and I don't
see any blatant problems in it.

I have had read-only CVS access to the mod_php sources for well over a year 
now.  I have never had any problems with it.


View raw message