[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVSROOT write permission vulnerability
From: |
Larry Jones |
Subject: |
Re: CVSROOT write permission vulnerability |
Date: |
Mon, 20 Jan 2003 12:58:45 -0500 (EST) |
Eric Siegerman writes [about setting the sticky bit]:
>
> Doing that in the repo would break CVS completely, wouldn't it?
> For most users, a commit would fail at the point where it tried
> to delete the old ,v file and rename the temporary copy (indeed,
> the sticky bit would independently block both of those
> operations). So only the owner of a given ,v file, and the owner
> of its parent directory, would be able to commit new revisions.
Yes, for directories that contain files. We've been know to use it on
directories that only contain subdirectories, however. Particularly the
top-level repository directory.
-Larry Jones
Well, it's all a question of perspective. -- Calvin
- CVSROOT write permission vulnerability, Bibhas Kumar Samanta, 2003/01/20
- Re: CVSROOT write permission vulnerability, Mark D. Baushke, 2003/01/21
- Re: CVSROOT write permission vulnerability, Bibhas Kumar Samanta, 2003/01/22
- Re: CVSROOT write permission vulnerability, david, 2003/01/22
- Re: CVSROOT write permission vulnerability, Fabian Cenedese, 2003/01/22
- Re: CVSROOT write permission vulnerability, Eric Siegerman, 2003/01/22
- Discouraging :local:, Kenneth Porter, 2003/01/23
- Re: Discouraging :local:, Larry Jones, 2003/01/23
- Re: Discouraging :local:, Kenneth Porter, 2003/01/25
- Re: Discouraging :local:, david, 2003/01/25