Re: CVS Security Issues

From: Mike Sutton
Subject: Re: CVS Security Issues
Date: Thu, 18 Dec 2003 16:15:52 -0500
User-agent: Mutt/1.4i

On 12/18/03 14:26:26, Derek Robert Price wrote:
> Hash: SHA1
> The idea of both is to make it harder to overwrite the CVSROOT/passwd
> file and gain root.  I've actually just committed a fix that will be
> released soon with 1.11.11 & 1.12.5 which causes CVS to refuse to
> continue running if the system user specified in CVSROOT/passwd maps to
> root, but that doesn't stop anyone with write access to the
> CVSROOT/passwd file from assuming any other UID they'd like.

I posted a patch long ago that did just this for pserver connections.
If the mapped name correlates to root (uid 0) then access is denied.

Go for it.


Mike Sutton
Division  397
(937) 431-2273 FAX ext. 2297
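
The check discussed in this thread, sketched as an added example; it is not Mike Sutton's patch and not code from CVS. The function names, the injected resolver and the sample accounts are assumptions made for illustration, and the line layout assumed is the CVSROOT/passwd form "cvsuser:crypt[:sysuser]".

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Resolver: returns 0 and fills *uid when the system account exists. */
typedef int (*uid_lookup_fn)(const char *name, uid_t *uid);

/* Real resolver, backed by the system account database. */
int system_lookup(const char *name, uid_t *uid)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL) return -1;
    *uid = pw->pw_uid;
    return 0;
}

/* Constructed resolver for the demo: "toor" is a second name for uid 0. */
int sample_lookup(const char *name, uid_t *uid)
{
    if (!strcmp(name, "root") || !strcmp(name, "toor")) { *uid = 0; return 0; }
    if (!strcmp(name, "cvsanon")) { *uid = 1500; return 0; }
    return -1;
}

/* One CVSROOT/passwd line is "cvsuser:crypt[:sysuser]". Returns 1 to allow,
 * 0 to deny (malformed line, unknown account, or an account with uid 0). */
int pserver_mapping_allowed(const char *line, uid_lookup_fn lookup)
{
    char buf[256], *cvsuser = buf, *crypt_pw, *sysuser;
    uid_t uid;
    if (strlen(line) >= sizeof buf) return 0;
    strcpy(buf, line);
    buf[strcspn(buf, "\r\n")] = '\0';
    crypt_pw = strchr(cvsuser, ':');
    if (crypt_pw == NULL || crypt_pw == cvsuser) return 0;
    *crypt_pw++ = '\0';
    sysuser = strchr(crypt_pw, ':');
    if (sysuser != NULL) *sysuser++ = '\0';
    /* No third field: the CVS name doubles as the system name. */
    if (sysuser == NULL || *sysuser == '\0') sysuser = cvsuser;
    if (lookup(sysuser, &uid) != 0) return 0;
    return uid != 0; /* compare the uid, not the account name */
}

int main(void)
{
    printf("dev->toor allowed: %d\n", pserver_mapping_allowed("dev:x:toor", sample_lookup));
    return 0;
}
```

Comparing the resolved uid rather than the string "root" is what catches a second account name that maps to uid 0; as the quoted message notes, the check does nothing about mappings to any other UID.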
