httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: [PATCH] http_main.c compile warning
Date Mon, 28 Jul 1997 17:20:22 GMT
On Mon, 28 Jul 1997, Dean Gaudet wrote:

> Or we could use some form of anonymous cvs access.  Hey Marc ... any
> ideas yet that you're happy are secure enough?  What if we had a
> cvs pserver running on some non-standard port, in a uid/gid that owns
> no files?  What if we made /export/home/cvs root.wheel owned, and
> built a /etc, /lib, whatever in it and made it a chroot environ and
> ran a pserver on that?

First you have to convince pserver to run happily as non-root, which
shouldn't be too hard but would probably take a few source changes.  CVS
does reader locks, so I don't think you can make it work in a repository
that pserver can't write to.  I guess you could disable them, but that
isn't nice.  My recommendation would be a seperate repository, either on
taz or elsewhere, with a chrooted pserver and _no_ way to get root.  I
don't think we can do the non-standard port thing, since I don't think
there is a nice way to change the port pserver uses.  It could be bound to
a specific interface on taz though, but that would require an IP address.

This is something that could be done on a third-party machine.  I would do
it if I had time. 



Mime
View raw message