diff -Naur  cvs-1.10.8/ChangeLog cvs-1.10.8.capveg/ChangeLog
--- cvs-1.10.8/ChangeLog	Mon Dec 13 15:08:19 1999
+++ cvs-1.10.8.capveg/ChangeLog	Sat Mar 11 18:39:35 2000
@@ -1,3 +1,7 @@
+2000-03-11  Rob Sherwood <capveg@cs.umd.edu>
+	* added "--allow_root_list=<filename>" option to prevent nasty chaining
+	of "--allow_root=foo --allow_root=bar .... " options <filename> is a 
+	list of CR separated directories
 1999-12-09  Larry Jones  <larry.jones@sdrc.com>
 
 	* configure.in: Correctly handle systems that need both libsocket
diff -Naur  cvs-1.10.8/NEWS cvs-1.10.8.capveg/NEWS
--- cvs-1.10.8/NEWS	Thu Nov  4 12:45:08 1999
+++ cvs-1.10.8.capveg/NEWS	Sat Mar 11 18:40:47 2000
@@ -1,5 +1,8 @@
 Changes since 1.10:
 
+* "--allow_root_list=<filename>" option to replace multiple "--allow_root"
+flags
+
 * Anonymous read-only access can now be done without requiring a
 password.  On the server side, simply give that user (presumably
 `anonymous') an empty password in the CVSROOT/passwd file, and then
diff -Naur  cvs-1.10.8/src/cvs.h cvs-1.10.8.capveg/src/cvs.h
--- cvs-1.10.8/src/cvs.h	Mon Jan  3 15:49:12 2000
+++ cvs-1.10.8.capveg/src/cvs.h	Sat Mar 11 18:28:48 2000
@@ -453,6 +453,7 @@
 void set_local_cvsroot PROTO((char *dir));
 void Create_Root PROTO((char *dir, char *rootdir));
 void root_allow_add PROTO ((char *));
+void root_allow_list_add PROTO ((char *));
 void root_allow_free PROTO ((void));
 int root_allow_ok PROTO ((char *));
 
diff -Naur  cvs-1.10.8/src/main.c cvs-1.10.8.capveg/src/main.c
--- cvs-1.10.8/src/main.c	Tue Aug 17 13:16:25 1999
+++ cvs-1.10.8.capveg/src/main.c	Fri Mar 10 17:16:47 2000
@@ -426,6 +426,7 @@
 	{"help-synonyms", 0, NULL, 2},
 	{"help-options", 0, NULL, 4},
 	{"allow-root", required_argument, NULL, 3},
+	{"allow-root-list", required_argument, NULL, 5},
         {0, 0, 0, 0}
     };
     /* `getopt_long' stores the option index here, but right now we
@@ -529,6 +530,10 @@
 	    case 3:
 		/* --allow-root */
 		root_allow_add (optarg);
+		break;
+	    case 5:
+		/* --allow-root-list */
+		root_allow_list_add(optarg);
 		break;
 	    case 'Q':
 		really_quiet = 1;
diff -Naur  cvs-1.10.8/src/root.c cvs-1.10.8.capveg/src/root.c
--- cvs-1.10.8/src/root.c	Sun Mar  7 15:17:02 1999
+++ cvs-1.10.8.capveg/src/root.c	Tue Mar 14 16:11:26 2000
@@ -183,6 +183,7 @@
     char *arg;
 {
     char *p;
+    struct stat sbuf;
 
     if (root_allow_size <= root_allow_count)
     {
@@ -222,13 +223,77 @@
 	    exit (EXIT_FAILURE);
 	}
     }
+    /* stat directory, make sure it exists, and is a directory 
+     * 	I am assuming this should be a non-fatal error
+     */
+    if(stat(arg,&sbuf))
+    {
+	error(0,errno,"%s",arg);
+	return;
+    }
+    if(!sbuf.st_mode&S_IFDIR)
+    {
+	error(0,0,"%s is not a directory",arg);
+	return;
+    }
+
     p = malloc (strlen (arg) + 1);
     if (p == NULL)
 	goto no_memory;
     strcpy (p, arg);
+	
     root_allow_vector[root_allow_count++] = p;
 }
 
+/* root_allow_list_add(): open a file, iterate through the files' contents
+ *	and add them to the allow-root list via root_allow_add()
+ */
+
+void 
+root_allow_list_add(file)
+   char * file;
+{
+	FILE *f;
+	char strbuf[2048];
+	char *ptr;
+	struct stat sbuf;
+	
+	/* get the file's permissions, and make sure they are sane.
+	 *	Reasoning: if we are running out of inetd, we typically
+	 * 	are running as root, so take extra precautions
+	 */
+	
+	if(stat(file,&sbuf))
+		/* file does not exist */
+		error(0,errno," stat failed for %s",file);		
+	if(sbuf.st_mode&S_IWGRP || sbuf.st_mode&S_IWOTH )
+		/* file is group or world writable */
+		error(0,0," File %s is group or world writable",file);
+	f=fopen(file,"r");
+	if(!f)
+		error(1,errno,"%s",file);
+	while(fgets(strbuf,2048,f))
+	{
+		/* remove EOLN characters from the string */
+		if((ptr=strchr(strbuf,'\r')) != NULL)
+			*ptr=NULL; 
+		if((ptr=strchr(strbuf,'\n')) != NULL)
+			*ptr=NULL;
+		/* strip comments (lines with '#'s) */
+		if((ptr=strchr(strbuf,'#')) != NULL)
+		{
+			*ptr=NULL;
+			if(strlen(strbuf) == 0)
+				continue;	/* move on if entire line is
+						 * commented out
+						 */
+		}
+		/* root_allow_add() does sanity checks on the contents */
+		root_allow_add(strbuf);
+	}
+
+}
+	
 void
 root_allow_free ()
 {
