Re: CVS server in a user-mode-linux

2003-12-19 Thread Arthur de Jong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > I have experimented with running an anonymous CVS server inside > user-mode-linux. [...] > The only problem is that the server need write access to the repository > in order to create locks (which are directories, IIUC). I have not yet > find a way

Re: CVS server in a user-mode-linux

2003-12-19 Thread Arthur de Jong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > I have experimented with running an anonymous CVS server inside > user-mode-linux. [...] > The only problem is that the server need write access to the repository > in order to create locks (which are directories, IIUC). I have not yet > find a way

Re: CVS server in a user-mode-linux

2003-12-19 Thread Bastian Blank
On Fri, Dec 19, 2003 at 05:46:11PM +0100, Bill Allombert wrote: > The only problem is that the server need write access to the repository > in order to create locks (which are directories, IIUC). I have not yet > find a way to only allows the server to create locks, but to change > nothing else. y

Re: CVS server in a user-mode-linux

2003-12-19 Thread Bastian Blank
On Fri, Dec 19, 2003 at 05:46:11PM +0100, Bill Allombert wrote: > The only problem is that the server need write access to the repository > in order to create locks (which are directories, IIUC). I have not yet > find a way to only allows the server to create locks, but to change > nothing else. y

Re: CVS server in a user-mode-linux

2003-12-19 Thread Christian G. Warden
On Fri, Dec 19, 2003 at 05:46:11PM +0100, Bill Allombert wrote: > Hello Debian-security list, > > I have experimented with running an anonymous CVS server inside > user-mode-linux. So far this seems to work well and hopefully should > enhance security a bit. The host kernel has the skas patch. >

CVS server in a user-mode-linux

2003-12-19 Thread Bill Allombert
Hello Debian-security list, I have experimented with running an anonymous CVS server inside user-mode-linux. So far this seems to work well and hopefully should enhance security a bit. The host kernel has the skas patch. I use hostfs to mount only the repositories inside the UML. I have limited t

Re: CVS server in a user-mode-linux

2003-12-19 Thread Christian G. Warden
On Fri, Dec 19, 2003 at 05:46:11PM +0100, Bill Allombert wrote: > Hello Debian-security list, > > I have experimented with running an anonymous CVS server inside > user-mode-linux. So far this seems to work well and hopefully should > enhance security a bit. The host kernel has the skas patch. >

CVS server in a user-mode-linux

2003-12-19 Thread Bill Allombert
Hello Debian-security list, I have experimented with running an anonymous CVS server inside user-mode-linux. So far this seems to work well and hopefully should enhance security a bit. The host kernel has the skas patch. I use hostfs to mount only the repositories inside the UML. I have limited t

Re: Security patches

2003-12-19 Thread Russell Coker
On Fri, 19 Dec 2003 20:18, Henrique de Moraes Holschuh <[EMAIL PROTECTED]> wrote: > On Fri, 19 Dec 2003, Russell Coker wrote: > > In terms of LSM protection against this, if you use SE Linux then all > > aspects of file access and module loading are controlled by the policy. > > I am going to wri

Re: Security patches

2003-12-19 Thread Russell Coker
On Fri, 19 Dec 2003 20:18, Henrique de Moraes Holschuh <[EMAIL PROTECTED]> wrote: > On Fri, 19 Dec 2003, Russell Coker wrote: > > In terms of LSM protection against this, if you use SE Linux then all > > aspects of file access and module loading are controlled by the policy. > > I am going to writ

Re: Security patches

2003-12-19 Thread Henrique de Moraes Holschuh
On Fri, 19 Dec 2003, Russell Coker wrote: > In terms of LSM protection against this, if you use SE Linux then all aspects > of file access and module loading are controlled by the policy. I am going > to write a policy that implements something similar to BSD secure levels so > that you can put

Re: Security patches

2003-12-19 Thread Henrique de Moraes Holschuh
On Fri, 19 Dec 2003, Russell Coker wrote: > In terms of LSM protection against this, if you use SE Linux then all aspects > of file access and module loading are controlled by the policy. I am going > to write a policy that implements something similar to BSD secure levels so > that you can put