bug-cvs

Re: RCS lock files


From: Derek R. Price
Subject: Re: RCS lock files
Date: Fri, 02 Mar 2001 17:48:15 -0500

Larry Jones wrote:

> On Unix-like systems, same filesystem (i.e., partition) is all that's
> required; I don't know about other systems, though.  But given symbolic
> links (and mount points, if anyone's crazy enough to do that) within the
> repository,

On a side issue, there are security reasons to disallow symlinks to areas
outside the repository, aren't there?  Symlinks that lead outside the
repository could be used as a way around '--allow-root'.  Mount points, I
would expect, are tough enough to create that sysadmins can be trusted to
track them.  Symlinks seem like they should be double-checked by CVS, though.

I will admit that the only initial exploit I can think of requires shell
access or write access to CVSROOT, but the latter might be enough to bother
some people.

Derek

--
Derek Price                      CVS Solutions Architect ( http://CVSHome.org )
mailto:address@hidden     OpenAvenue ( http://OpenAvenue.com )
--
I will not call the principal "spud head".
I will not call the principal "spud head".
I will not call the principal "spud head"...

          - Bart Simpson on chalkboard, _The Simpsons_
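
An audit along the lines the message suggests, as an added example that is not part of the original post and not CVS code: it walks a repository and reports every symlink whose fully resolved target lies outside the repository root. The names find_escaping_symlinks and build_sample and the sample tree are hypothetical; a POSIX filesystem is assumed.

```python
import os
import tempfile


def find_escaping_symlinks(repo_root):
    """Return sorted (link, resolved_target) pairs for symlinks under
    repo_root whose resolved target is outside repo_root."""
    root = os.path.realpath(repo_root)
    escaping = []
    # followlinks=False: the walk never descends through a symlinked
    # directory, so the audit itself cannot wander out of the repository.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            # realpath resolves the whole chain, so a link that points at
            # another link which leaves the root is reported as well.
            target = os.path.realpath(path)
            if os.path.commonpath([root, target]) != root:
                escaping.append((os.path.relpath(path, root), target))
    return sorted(escaping)


def build_sample(base):
    """Constructed sample tree: one internal link, two that escape."""
    repo = os.path.join(base, "cvsroot")
    outside = os.path.join(base, "outside")
    os.makedirs(os.path.join(repo, "module"))
    os.makedirs(outside)
    open(os.path.join(repo, "module", "file.c,v"), "w").close()
    # Stays inside the repository: not reported.
    os.symlink("file.c,v", os.path.join(repo, "module", "alias,v"))
    # Points directly at a directory outside the repository.
    os.symlink(outside, os.path.join(repo, "module", "extdir"))
    # Points at the link above, so it escapes only after a second hop.
    os.symlink(os.path.join("module", "extdir"), os.path.join(repo, "chained"))
    return repo


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for link, target in find_escaping_symlinks(build_sample(base)):
            print(f"{link} -> {target}")
```

A scan like this is point-in-time: a link created after it runs is not seen, so it complements rather than replaces a check at access time.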





