httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: Apache NT errors
Date Fri, 27 Jun 1997 20:23:07 GMT
On Fri, 27 Jun 1997, Roy T. Fielding wrote:

> >However, I have looked over the security requirements for the fix on cyclic
> >pages, and now that Roy's done his blitzkreig of changes to CVSROOT files,
> >the restrictions now seem palatable.  So, I have installed 1.9.10, and done
> >the following:
> >
> >1) made ~cvs chown'd root, chmod 755.
> >2) made ~cvs/CVSROOT chown'd root, chmod 755.
> >
> >This means that any attempt to create new modules, or modify files under
> >CVSROOT, will fail.  If such changes are necessary, let me know and I'll
> >temporarily enable group write access so the change can happen.
> 
> Yuck.  Is there some reason why they don't just change the location of
> the passwd file, like to /etc/cvspasswd.<repository>?

No.

My plan is to make a patch to either just disable the CVS passwd file
entirely (ok for now, but we may want to use it someday... OTOH pserver
really really sucks anyway) or do what you suggest.  When I get time...

You may still be able to modify files in the CVSROOT directory; depends if
it creates a new file and moves it or edits it in place...


Mime
View raw message