public inbox for [email protected]
From: Jeroen Ruigrok/asmodai <[email protected]>
To: Tom Lane <[email protected]>
Cc: Robert Treat <[email protected]>
Cc: Marc G. Fournier <[email protected]>
Cc: [email protected]
Subject: Re: things currently broken/missing
Date: Wed, 11 Feb 2004 18:27:47 +0100
Message-ID: <[email protected]>
In-Reply-To: <[email protected]>
References: <1076509856.18024.90.camel@camel>
<[email protected]>
<1076514410.17920.94.camel@camel>
<[email protected]>
-On [20040211 17:32], Tom Lane ([email protected]) wrote:
>I think we probably ought to leave this turned off. From a security
>standpoint, it would scare me quite a lot for the cgi user to have write
>access to the CVS tree. Even though the annotation software itself may
>do nothing more risky than temporarily locking files, what of bugs that
>might allow someone to make more extensive changes?
Make sure to replace every call to 'cvs' with 'cvs -R'. This enables
read-only repository mode. Or set the relevant environment variable.
Note that cvs 1.12.x is more intelligent about locks.
--
Jeroen Ruigrok van der Werven <asmodai(at)wxs.nl> / asmodai / kita no mono
PGP fingerprint: 2D92 980E 45FE 2C28 9DB7 9D88 97E6 839B 2EAC 625B
http://www.tendra.org/ | http://diary.in-nomine.org/
Expansion of happiness is the purpose of life...
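
One way to check the "replace every call" advice across a script, as an added example that is not part of the original message: a shell function that flags `cvs` invocations lacking `-R` among their global options. The function names and the Perl-style sample are constructed for illustration, and the token matching is a heuristic, so hits need review.

```shell
#!/bin/sh
# Added example (not from the original message): audit a script for cvs
# invocations that lack the global -R (read-only repository) option.
# -R only counts before the subcommand; after it, -R is a subcommand option.

# audit_cvs_calls FILE
# Prints "FILE:LINE: source text" for every cvs call without -R among its
# global options. Exit status: 0 if every call carries -R, 1 otherwise.
audit_cvs_calls() {
    awk -v file="$1" '
    /^[ \t]*#/ { next }                       # skip comment lines
    {
        # Tokenise on whitespace, quotes and shell/Perl punctuation.
        n = split($0, w, "[ \t\"\047`(),|;]+")
        for (i = 1; i <= n; i++) {
            if (w[i] != "cvs" && w[i] !~ /\/cvs$/) continue
            ro = 0
            # Walk the global options up to the subcommand.
            for (j = i + 1; j <= n && w[j] ~ /^-/; j++) {
                # Heuristic: -R alone or bundled, e.g. -QR.
                if (w[j] ~ /^-[A-Za-z]*R/) ro = 1
                # -d, -e, -s, -T, -z may take a separate argument: skip it.
                if (w[j] ~ /^-[desTz]$/) j++
            }
            if (!ro) { printf "%s:%d: %s\n", file, NR, $0; bad = 1 }
        }
    }
    END { exit (bad ? 1 : 0) }' "$1"
}

# write_constructed_sample FILE
# Writes a constructed Perl-style CGI fragment (hypothetical paths and
# variables) with two read-only calls and two calls missing -R.
write_constructed_sample() {
    cat > "$1" <<'EOF'
# constructed sample for the audit, not taken from any real CGI script
open(A, "cvs -R -Q annotate $file |");
open(L, "/usr/bin/cvs -Q -d /repo log $file |");
system("cvs -d /repo -QR status $file");
my @out = `cvs -Q rlog $module`;
EOF
}

# Audit a file when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_cvs_calls "$1"
fi
```
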