Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Pavel Goran wrote: > I understand your unwillingness to alter the (formally) correct > behaviour of CVSNT. However, it may take long time for the bug to be > fixed in Cygwin (and it may turn out to work only in Win2k3), and in > CVSNT it can be worked around with only slight modifications. The problem is it falls into the trap of trusting the client. That's something you should never do... If you're using ssh to start with then I presume security is an issue. Fixing it properly might be possible, but there's a big caveat... I knocked up a DLL that does proper setuid on Win2k/XP that could be used for cygwin (or for cvsnt with pserver to remove the hack we have now)... however I realized very quickly that at the level you have to work to do that, Windows security doesn't exist (I've got a little EXE that can take an ordinary user and give them a delegation level token for the administrator account without knowing the password). At that level opensource works against you... If I checkin the code to do it properly into cvsnt even if I write it in such a way that you need SeTcbName at least, it would take approx. 30 seconds for someone to remove the checks... The only mitigating factor is that you must be an admin to install it to start with :) Tony