Version Management with CVS - the CVS manual
by Per Cederqvist et al.
Paperback (6"x9"), 216 pages, 8 figures
ISBN 0954161718
RRP £19.95 ($29.95)


B.3.2 Security and the Trigger Scripts

Security is a huge subject, and implementing a secure system is a non-trivial task. This section will barely touch on all the issues involved, but it is well to note that, as with any script you will be allowing an untrusted user to run on your server, there are measures you can take to help prevent your trigger scripts from being abused.

For instance, since the CVS trigger scripts all run in a copy of the user's sandbox on the server, a naively coded Perl trigger script which attempts to use a Perl module that is not installed on the system can be hijacked by any user with commit access who is checking in a file with the correct name. Other scripting languages may be vulnerable to similar hacks.

One way to make a script more secure, at least with Perl, is to use scripts which invoke the -T, or "taint-check" switch on their #! line. In the most basic terms, this causes Perl to avoid running code that may have come from an external source. Please run the perldoc perlsec command for more on Perl security. Again, other languages may implement other security verification hooks which look more or less like Perl's "taint-check" mechanism.
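
The following skeleton is an added example, not code from the CVS manual or the CVS distribution, showing a trigger script that runs under -T, keeps module lookups out of the sandbox copy, and untaints its arguments before use. It assumes the script is invoked commitinfo-style with the repository directory followed by the file names; the helper names untaint_name and check_commit and the allow-list patterns are hypothetical.

```perl
#!/usr/bin/perl -T
# Added example, not from the CVS manual: skeleton of a hardened trigger.
# Assumption: CVS invokes it as  <script> <repository-dir> <file>...
use strict;
use warnings;

# -T already ignores PERL5LIB/PERLLIB and keeps "." out of @INC. Dropping
# every entry that is not an absolute path as well guarantees that no
# module lookup resolves inside the sandbox copy (the current directory).
BEGIN { @INC = grep { !ref($_) && m{\A/} } @INC }

use File::Basename qw(basename);    # core module, loaded from the pinned @INC

# Known-good environment, required under -T before any child process runs.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Untaint by capture: only text matching the allow-list becomes trusted.
# The pattern is an illustrative policy; adjust it to the names you accept.
sub untaint_name {
    my ($raw) = @_;
    return $raw =~ m{\A([A-Za-z0-9_][A-Za-z0-9_.+-]*)\z} ? $1 : undef;
}

# Returns a list of error strings; an empty list means the commit may proceed.
sub check_commit {
    my ($repo_dir, @files) = @_;
    my @errors;
    push @errors, 'unexpected repository path'
        unless defined $repo_dir && $repo_dir =~ m{\A/[A-Za-z0-9_./+-]+\z};
    for my $file (@files) {
        next if defined untaint_name($file);
        # Show only printable characters of the rejected name in the log.
        (my $shown = basename($file)) =~ s/[^\x21-\x7e]/?/g;
        push @errors, "rejected file name: $shown";
    }
    return @errors;
}

my @errors = check_commit(@ARGV);
print STDERR "trigger: $_\n" for @errors;
exit(@errors ? 1 : 0);    # a non-zero exit status makes CVS abort the commit
```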
