diff --git a/etc/inetd.conf b/etc/inetd.conf
index 1fd42462dcd3..c7f6cc6d749d 100644
--- a/etc/inetd.conf
+++ b/etc/inetd.conf
@@ -41,10 +41,12 @@ ntalk	dgram	udp	wait	tty:tty	/usr/libexec/ntalkd	ntalkd
 #kshell	stream	tcp	nowait	root	/usr/libexec/rshd	rshd -k
 #kip	stream	tcp	nowait	root	/usr/libexec/kipd	kipd
 #
-# CVS servers - for master CVS repositories only!
+# CVS servers - for master CVS repositories only!  You must set the
+# --allow-root path correctly or you open a trivial to exploit but
+# deadly security hole.
 #
-#cvspserver	stream	tcp	nowait	root	/usr/bin/cvs	cvs pserver
-#cvs		stream	tcp	nowait	root	/usr/bin/cvs	cvs kserver
+#cvspserver	stream	tcp	nowait	root	/usr/bin/cvs	cvs --allow-root=/your/cvsroot/here pserver
+#cvs		stream	tcp	nowait	root	/usr/bin/cvs	cvs --allow-root=/your/cvsroot/here kserver
 #
 # RPC based services (you MUST have portmapper running to use these)
 #