bug-cvs

Re: CVS Security Issues


From: Mike Sutton
Subject: Re: CVS Security Issues
Date: Thu, 18 Dec 2003 16:15:52 -0500
User-agent: Mutt/1.4i

On 12/18/03 14:26:26, Derek Robert Price wrote:
> Hash: SHA1
> 
> The idea of both is to make it harder to overwrite the CVSROOT/passwd
> file and gain root.  I've actually just committed a fix that will be
> released soon with 1.11.11 & 1.12.5 which causes CVS to refuse to
> continue running if the system user specified in CVSROOT/passwd maps to
> root, but that doesn't stop anyone with write access to the
> CVSROOT/passwd file from assuming any other UID they'd like.

I posted a patch long ago that did just this for pserver connections.
If the mapped name correlates to root (uid 0) then access is denied.

Go for it.

-- 

Mike Sutton
SAIC
Division  397
(937) 431-2273 FAX ext. 2297
address@hidden
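
The check discussed in this thread, as an added example that is not part of the original message and is not CVS's own code: classify a CVSROOT/passwd line by the uid its system user resolves to. The line layout `cvsuser:crypted-password:system-user` (falling back to the first field when the third is absent), the function names, and the constructed account table are assumptions of this sketch.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

enum verdict { ENTRY_OK, ENTRY_MAPS_TO_ROOT, ENTRY_UNKNOWN_USER, ENTRY_MALFORMED };

/* Resolver: returns 0 and fills *uid when the account exists, -1 otherwise. */
typedef int (*uid_lookup)(const char *name, uid_t *uid);

/* Real resolver backed by the system account database. */
int system_lookup(const char *name, uid_t *uid) {
    struct passwd *pw = getpwnam(name);
    if (pw == NULL) return -1;
    *uid = pw->pw_uid;
    return 0;
}

/* Constructed account table so the example runs offline; "toor" is a second uid-0 account. */
int sample_lookup(const char *name, uid_t *uid) {
    if (!strcmp(name, "root") || !strcmp(name, "toor")) { *uid = 0; return 0; }
    if (!strcmp(name, "cvsuser")) { *uid = 1001; return 0; }
    return -1;
}

/* Classify one passwd line (assumed layout: cvsuser:crypted-password:system-user). */
enum verdict check_entry(const char *line, uid_lookup lookup) {
    char buf[256];
    size_t n = strcspn(line, "\r\n");
    if (n == 0 || n >= sizeof buf || line[0] == ':') return ENTRY_MALFORMED;
    memcpy(buf, line, n);
    buf[n] = '\0';
    char *sysuser = buf;              /* fallback: CVS name doubles as system name */
    char *c1 = strchr(buf, ':');
    if (c1 != NULL) {
        *c1 = '\0';
        char *c2 = strchr(c1 + 1, ':');
        if (c2 != NULL && c2[1] != '\0') sysuser = c2 + 1;
    }
    uid_t uid;
    if (lookup(sysuser, &uid) != 0) return ENTRY_UNKNOWN_USER;
    /* Compare the resolved uid, not the name, so uid-0 aliases are caught too. */
    return uid == 0 ? ENTRY_MAPS_TO_ROOT : ENTRY_OK;
}

int main(void) {
    const char *lines[] = { "alice:Xq1:cvsuser", "bob:Xq2:toor", "root:Xq3", "dave:Xq4:nosuch" };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%-20s -> %d\n", lines[i], check_entry(lines[i], sample_lookup));
    return 0;
}
```

Passing `system_lookup` in place of `sample_lookup` runs the same classification against the host's real accounts. As the quoted message notes, a uid-0 refusal does not cover mappings to other UIDs, so `ENTRY_OK` here only means "not root".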





