[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVSROOT write permission vulnerability
From: |
Eric Siegerman |
Subject: |
Re: CVSROOT write permission vulnerability |
Date: |
Mon, 20 Jan 2003 16:28:29 -0500 |
User-agent: |
Mutt/1.2.5i |
On Mon, Jan 20, 2003 at 12:58:45PM -0500, Larry Jones wrote:
> Eric Siegerman writes [about setting the sticky bit]:
> > Doing that in the repo would break CVS completely, wouldn't it?
> Yes, for directories that contain files. We've been know to use it on
> directories that only contain subdirectories, however. Particularly the
> top-level repository directory.
Hmmm. I guess that's cheap insurance against "cd $CVSROOT; mv foo bar",
but what else does it get you? Seems to me it doesn't do much
about "rm -rf $CVSROOT/foo" or "rm -rf $CVSROOT"; by the time the
rmdir() fails, foo's content's already toast...
--
| | /\
|-_|/ > Eric Siegerman, Toronto, Ont. address@hidden
| | /
Just Say No to the "faceless cannonfodder" stereotype.
- http://www.ainurin.net/ (an Orc site)
- CVSROOT write permission vulnerability, Bibhas Kumar Samanta, 2003/01/20
- Re: CVSROOT write permission vulnerability, Mark D. Baushke, 2003/01/21
- Re: CVSROOT write permission vulnerability, Bibhas Kumar Samanta, 2003/01/22
- Re: CVSROOT write permission vulnerability, david, 2003/01/22
- Re: CVSROOT write permission vulnerability, Fabian Cenedese, 2003/01/22
- Re: CVSROOT write permission vulnerability, Eric Siegerman, 2003/01/22
- Discouraging :local:, Kenneth Porter, 2003/01/23
- Re: Discouraging :local:, Larry Jones, 2003/01/23
- Re: Discouraging :local:, Kenneth Porter, 2003/01/25
- Re: Discouraging :local:, david, 2003/01/25
- Re: Discouraging :local:, Greg A. Woods, 2003/01/25