public inbox for [email protected]
help / color / mirror / Atom feedFrom: Marc G. Fournier <[email protected]>
To: Justin Clift <[email protected]>
Cc: Devrim GUNDUZ <[email protected]>
Cc: [email protected]
Cc: PostgreSQL WWW Mailing List <[email protected]>
Subject: Re: Problems logging into CVS server
Date: Mon, 12 Jul 2004 22:16:45 -0300 (ADT)
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
On Tue, 13 Jul 2004, Justin Clift wrote:
> Marc G. Fournier wrote:
>
>>
>> Damn ... I'll have to look at it ... we had a hacker get in through the
>> way anoncvs was setup, so I set a passwd on in /etc/passwd (but didn't
>> touch the anoncvs setup itself) ... will play with it tonight and see if I
>> can figure out how to do a more secure anon-cvs ;( I have to be missing
>> something in the config *sigh*
>
> Um, that sounds worrying. Was the activity of the hacker anything that would
> affect PG code, or access to anything sensitive (account passwords, etc)?
No ... anoncvs is not part of the same group as the primary cvsroot, so
not able to commit to the source tree ... the anoncvs cvsroot is a
different directory structure altogether (/projects/cvsroot vs /cvsroot),
and the anoncvs user has no write permissions on /cvsroot ...
----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: [email protected] Yahoo!: yscrappy ICQ: 7615664
view thread (4+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected]
Subject: Re: Problems logging into CVS server
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox