[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: denial-of-service attack prohibits all users from creating new repos
Mark D. Baushke
Re: denial-of-service attack prohibits all users from creating new repositories
Tue, 1 Jun 2010 01:25:51 -0700
Bruno Haible <email@example.com> writes:
> This has been reported by at least 4 users:
> The common point between these reports is that they use the 'autopoint'
> program (part of GNU gettext), which uses the 'cvs' program to extract
> particular versions of files from an archive, and the error message
> cvs [init aborted]: Cannot initialize repository under existing CVSROOT
> 'autopoint' creates an empty directory and attempts to create an empty
> CVS repository in it, and this fails.
The only workaround would be to use chroot... probably not desirable for
this use case.
Failing that, you would need to hack ccvs/src/init.c::init() to ignore
the error of finding a CVSROOT looking hierarchy in the parent directory
chain. Again probably not desirable for this use case.
If there is sufficient demand, a '-f' option to force overwrite of an
existing repository may be able to be added.
Description: PGP signature
- Re: denial-of-service attack prohibits all users from creating new repositories,
Mark D. Baushke <=