[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Security issue: Full server path returned to the client
From: |
Jim.Hyslop |
Subject: |
RE: Security issue: Full server path returned to the client |
Date: |
Wed, 17 Dec 2003 13:24:24 -0500 |
Wolfgang Loch [mailto:wolo@wolosoft.com] wrote:
> When using pserver protocol, the CVSROOT contains the server
> name and a
> relative path (or even a virtual name) of the CVS repository. At least
> that's true for cvsnt (don't know about Unix). But the RCS file name
> that I saw, was something like
> "F:/Company/RND/Repository/pat/to/module".
No, the CVSROOT variable is absolute. The CVSNT CVSROOT for the above should
look something like:
:pserver:user@server:/F//Company/RND/Repository/pat/to/module
Note that the "F:" is replaced with "F//" under CVSNT, so that it can work
with the standard GNU CVS client.
> The drive F: exists only on
> the server machine and I don't want anybody to know about
> this. If fact,
> no user needs to know that this server runs a Windows OS.
> Maybe it's not
> security related and I'm just paranoid.
Mebbe ;=)
--
Jim Hyslop
Senior Software Designer
Leitch Technology International Inc. (<http://www.leitch.com/>)
Columnist, C/C++ Users Journal (<http://www.cuj.com/experts>)