| From: | "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org> |
|---|---|
| To: | Justin Clift <justin(at)postgresql(dot)org> |
| Cc: | Devrim GUNDUZ <devrim(at)gunduz(dot)org>, pgsql-hackers(at)postgresql(dot)org, PostgreSQL WWW Mailing List <pgsql-www(at)postgresql(dot)org> |
| Subject: | Re: Problems logging into CVS server |
| Date: | 2004-07-13 01:16:45 |
| Message-ID: | 20040712221420.L867@ganymede.hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-www |
On Tue, 13 Jul 2004, Justin Clift wrote:
> Marc G. Fournier wrote:
>
>>
>> Damn ... I'll have to look at it ... we had a hacker get in through the
>> way anoncvs was setup, so I set a passwd on in /etc/passwd (but didn't
>> touch the anoncvs setup itself) ... will play with it tonight and see if I
>> can figure out how to do a more secure anon-cvs ;( I have to be missing
>> something in the config *sigh*
>
> Um, that sounds worrying. Was the activity of the hacker anything that would
> affect PG code, or access to anything sensitive (account passwords, etc)?
No ... anoncvs is not part of the same group as the primary cvsroot, so
not able to commit to the source tree ... the anoncvs cvsroot is a
different directory structure altogether (/projects/cvsroot vs /cvsroot),
and the anoncvs user has no write permissions on /cvsroot ...
----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: scrappy(at)hub(dot)org Yahoo!: yscrappy ICQ: 7615664
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Kings-Lynne | 2004-07-13 01:38:11 | Anoncvs down? |
| Previous Message | Justin Clift | 2004-07-13 00:53:00 | Re: Problems logging into CVS server |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2004-07-13 13:39:32 | Remove email search |
| Previous Message | Justin Clift | 2004-07-13 00:53:00 | Re: Problems logging into CVS server |