'cvs pserver' under a special uid/gid in a chroot jail.
cvsd is run as a daemon and is controlled through a configuration
file. It is relatively easy to configure and tools are provided
for easily setting up a rootjail.
This server can be useful if you want to run a public cvs
pserver. You should however be aware of the security limitations
of running a cvs pserver. If you want any kind of authentication
you should really consider using secure shell as a secure
authentication mechanism and transport. Passwords used in cvs
pserver are transmitted in plaintext and this wrapper won't
change that.
This server adds a layer of security to cvs. cvs is a very
powerful tool and is capable of running scripts and other
things. By running cvs in a rootjail it is possible to limit
the amount of "damage" cvs can do if it is exploited. It is
generally a good idea to run cvsd without any write permissions
to any directory on the system.
WWW: http://tiefighter.et.tudelft.nl/~arthur/cvsd/
NOTE: this is effectively an update of the existing cvsd package.
cvsd is a wrapper program for cvs in pserver mode. It will run 'cvs pserver'
under a special uid/gid in a chroot jail.
cvsd is run as a daemon and is controlled through a configuration file. It
is relatively easy to configure and tools are provided for easily setting up
a rootjail.
This server can be useful if you want to run a public cvs pserver. You should
however be aware of the security limitations of running a cvs pserver. If you
want any kind of authentication you should really consider using secure shell
as a secure authentication mechanism and transport. Passwords used in cvs
pserver are transmitted in plaintext and this wrapper won't change that.
This server adds a layer of security to cvs. cvs is a very powerful tool and
is capable of running scripts and other things. By running cvs in a rootjail
it is possible to limit the amount of "damage" cvs can do if it is exploited.
It is generally a good idea to run cvsd without any write permissions to any
directory on the system.
There's one problem: the startup script. It gets installed to
/usr/pkg/etc/init.d instead of in /usr/pkg/etc/rc.d. You could do
USE_REINPLACE=yes but I didn't know if this is possible in NetBSD.
I Tried to implement it in the Makefile like this:
post-patch:
@${REINPLACE_CMD} -e 's|init.d/cvsd|rc.d/cvsd.sh.sample|g ; \
s|init.d|rc.d|g' ${WRKSRC}/Makefile.in
But I get an error.
