Re: CVS security update [ was Re: Please follow the KISS principle ]

On Tue, 2003-12-30 at 22:58, seth vidal wrote:
> On Tue, 2003-12-30 at 21:31, Jason wrote:
> > The main changes concerning that seem to be in src/server.c in the
> > switch_to_user function.  I think you'd still be able to run the cvs
> > daemon as root.  In fact, I think it would still have to run as a
> > privileged user in order to switch UID's to the proper user upon login.
> > However, when the cvs user tries to authenticate it would refuse to 
> > switch to the root user, and then syslog it.
> > 
> > If someone is logging into their repository as root.. they've got issues
> > anyway.  But, I don't see a problem with having this patched in. 
> > 
> 
> 
> Yah it looks like:
> this is the patch that is needed
> http://ccvs.cvshome.org/source/browse/ccvs/src/server.c.diff?r1=1.284.2.9&r2=1.284.2.12&f=u
> 
> need to take a look  to see how far off that is from 1.11.1p1+patches
> that is in 7.x.

I got it built.

The cvs people appear to have left out something though.
they need this:
     /* Switch to run as this user. */
-    switch_to_user (user);
+    switch_to_user ("KERBEROS", user);
 }
 #endif /* HAVE_KERBEROS */
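Review bot: the string literal passed as the new first argument should be checked against what the upstream `switch_to_user` now expects for its authentication-method label, since this Kerberos call site is the one path the poster could not exercise and a mismatch here would only surface in the refused-switch-to-root check and its syslog message rather than at compile time. It would also help to quote the hunk with its `@@` header and file path (src/server.c) so the fragment can be applied with patch(1) instead of by hand at "around line 5964".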


around line 5964 in the patched source.

I think that's the right patch. It compiles cleanly but I can't easily
test the kerb-authenticated attempt to see if it works.

I posted the srpm and rpm here:
http://linux.duke.edu/~skvidal/RPMS/cvs/

Those are built on 7.3. Should work on 7.2 and 7.1, I'd bet.
I put the patches I applied in that dir as well.

-sv