Bugtraq mailing list archives

Re: cvs security problem

From: Brian Behlendorf <brian () COLLAB NET>
Date: Tue, 1 Aug 2000 16:04:25 -0700

On Mon, 31 Jul 2000 sama () AGLORIOSO COM wrote:

On Fri, Jul 28, 2000 at 02:20:42PM -0400, Kev wrote:

This has been the case for quite some time.  It would be nice if CVS
could be made more secure, but it would probably take a lot of work.
--
Kevin L. Mitchell <klmitch () mit edu>


Although I don't think it addresses this very problem, you might be
interested in CVS-nserver (http://alexm.here.ru/cvs-nserver/), a
rewrite of CVS to make it more modular and secure. I still haven't
tried it myself, though.


There's another similar open source project in development that, if
implemented right, won't have this security problem, called Subversion
(http://subversion.tigris.org/).  There are two full time people working
on it, with an ETA around September, but we could definitely use more
assistance.

        Brian

Current thread:

Re: cvs security problem Mike Eldridge (Aug 01)
- <Possible follow-ups>
- Re: cvs security problem sama (Aug 01)
  - Re: cvs security problem Brian Behlendorf (Aug 01)
  - Re: cvs security problem Greg A. Woods (Aug 01)
- Re: cvs security problem Greg A. Woods (Aug 01)