[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: denial-of-service attack prohibits all users from creating new repos
From: |
Mark D. Baushke |
Subject: |
Re: denial-of-service attack prohibits all users from creating new repositories |
Date: |
Tue, 1 Jun 2010 01:25:51 -0700 |
Hi Bruno,
Bruno Haible <bruno@clisp.org> writes:
> This has been reported by at least 4 users:
> <http://lists.gnu.org/archive/html/bug-gnu-utils/2010-05/msg00063.html>
> <https://bugzilla.redhat.com/show_bug.cgi?id=509387>
> <http://pastebin.com/f6d75a039>
> <http://trac.navit-project.org/ticket/317>
>
> The common point between these reports is that they use the 'autopoint'
> program (part of GNU gettext), which uses the 'cvs' program to extract
> particular versions of files from an archive, and the error message
>
> cvs [init aborted]: Cannot initialize repository under existing CVSROOT
>
> 'autopoint' creates an empty directory and attempts to create an empty
> CVS repository in it, and this fails.
The only workaround would be to use chroot... probably not desirable for
this use case.
Failing that, you would need to hack ccvs/src/init.c::init() to ignore
the error of finding a CVSROOT looking hierarchy in the parent directory
chain. Again probably not desirable for this use case.
If there is sufficient demand, a '-f' option to force overwrite of an
existing repository may be able to be added.
-- Mark
pgp7xER7DnY7s.pgp
Description: PGP signature
- Re: denial-of-service attack prohibits all users from creating new repositories,
Mark D. Baushke <=