info-cvs

Re: CVSROOT write permission vulnerability


From: Eric Siegerman
Subject: Re: CVSROOT write permission vulnerability
Date: Mon, 20 Jan 2003 12:30:59 -0500
User-agent: Mutt/1.2.5i

On Mon, Jan 20, 2003 at 10:53:38AM -0500, Larry Jones wrote:
> > As CVSROOT requires write permission, it has 777 permission for
> > all.
> 
> Setting the sticky bit (chmod -t) on a directory prevents normal users
> from deleting or renaming files in that directory unless they own them.

Doing that in the repo would break CVS completely, wouldn't it?
For most users, a commit would fail at the point where it tried
to delete the old ,v file and rename the temporary copy (indeed,
the sticky bit would independently block both of those
operations).  So only the owner of a given ,v file, and the owner
of its parent directory, would be able to commit new revisions.

To the original poster:  Larry's main point still holds.  Use
client/server, not NFS.  That'll also help you with the
permissions problem, if you do it right.  Doing it "right" has
been discussed here many times; for details, try searching the
list archives.

--

|  | /\
|-_|/  >   Eric Siegerman, Toronto, Ont.        address@hidden
|  |  /
Just Say No to the "faceless cannonfodder" stereotype.
        - http://www.ainurin.net/ (an Orc site)
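
The sticky-bit effect described in the message above, modelled as an added example (not part of the original post or of CVS): a commit has to delete or rename over the existing ,v file, and in a sticky directory that is allowed only for the file's owner or the directory's owner. The user names, uids and modes are constructed, `Node`, `can_replace` and `who_can_commit` are hypothetical helpers, and root is treated as simply bypassing the check.

```python
import stat
from collections import namedtuple

# Stand-in for the os.stat_result fields used below (values are constructed).
Node = namedtuple("Node", "mode uid gid")

def class_bits(node, uid, gids):
    """rwx bits (0-7) that apply to this uid: owner, else group, else other."""
    if uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in gids:
        return (node.mode >> 3) & 7
    return node.mode & 7

def can_replace(directory, target, uid, gids=()):
    """Model of the kernel check for unlink()/rename() onto `target`."""
    if uid == 0:                      # simplification: root bypasses the checks
        return True
    if class_bits(directory, uid, gids) & 0o3 != 0o3:
        return False                  # need write + search on the directory
    if directory.mode & stat.S_ISVTX:
        # Sticky directory: only the file's owner or the directory's owner.
        return uid in (target.uid, directory.uid)
    return True

def who_can_commit(directory, rcs_file, users):
    """Names from `users` ({name: (uid, gids)}) able to replace the ,v file."""
    return sorted(name for name, (uid, gids) in users.items()
                  if can_replace(directory, rcs_file, uid, gids))

# Constructed sample: alice owns the module directory, bob owns foo.c,v.
USERS = {"alice": (1000, (100,)), "bob": (1001, (100,)), "carol": (1002, (100,))}
RCS_FILE = Node(mode=0o100444, uid=1001, gid=100)
OPEN_DIR = Node(mode=0o040777, uid=1000, gid=100)
STICKY_DIR = Node(mode=0o041777, uid=1000, gid=100)

if __name__ == "__main__":
    print("mode 0777 :", who_can_commit(OPEN_DIR, RCS_FILE, USERS))
    print("mode 1777 :", who_can_commit(STICKY_DIR, RCS_FILE, USERS))
```

To check a real repository directory, build the `Node` values from `os.stat()` results (`st_mode`, `st_uid`, `st_gid`) instead of the constructed ones.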



