bug-cvs

Re: denial-of-service attack prohibits all users from creating new


From: Todd Denniston
Subject: Re: denial-of-service attack prohibits all users from creating new
Date: Tue, 01 Jun 2010 20:04:11 -0400
User-agent: Thunderbird 2.0.0.24 (X11/20100318)

Larry Jones wrote, On 06/01/2010 05:56 PM:
> Bruno Haible writes:
>> The four error messages from the four reports:
>>   Cannot initialize repository under existing CVSROOT: `/home'
>>   Cannot initialize repository under existing CVSROOT: `/home/rdieter1/cvs.fedoraproject.org'
>>   Cannot initialize repository under existing CVSROOT: `/pokerserver_test/pokersource'
>>   Cannot initialize repository under existing CVSROOT: `/usr/src/navit'
> 
> None of those look like they're intended to be CVS repositories, so I
> would say that the reporters have either created CVSROOT subdirectories
> that have nothing to do with CVS (highly unlikely) or else they've run
> cvs init on a non-sensical root location.  The latter is pure user error
> and they should be advised to delete said CVSROOT directory.  (The CVS
> repository should only contain CVS managed files; one should never have
> one's working directory set inside a repository unless one is an expert
> who is actively trying to repair a damaged repository.)
> 

(I don't think I am disagreeing with your eval of the cause of the message,
but perhaps with your eval of what the users are now thinking, or failing to
think when they set up a repository a long time ago... perhaps the cederqvist
suggestion below is a way to go?)

Actually we are probably looking at naive users who used too little
imagination in creating the directory they feed into the $CVSROOT variable,
i.e., they did (at least at one time)
export CVSROOT=/a/directory/somewhere/on/mymachine/CVSROOT
mkdir $CVSROOT
cvs -d $CVSROOT  init
...merrily use this CVSROOT until they go to do something else, and then get
bit much later.

i.e. CVS lets you do the following without complaint:
cd /tmp/
cvs -v # Concurrent Versions System (CVS) 1.11.22 (client/server)
mkdir CVSROOT
cvs -d /tmp/CVSROOT/ init
...perhaps at this point CVS should have output something along the lines:
'Um... CVS sees CVSROOT as an important directory name and something it
controls, you don't want to use that as the name for your Repository, perhaps
you should use mv /tmp/CVSROOT/ `openssl rand -base64 8` and execute cvs init
with that directory name.'

i.e. the users are annoyed because they don't understand why at the later
point they are getting this new message.



Also in my copy of the cederqvist, which is admittedly cederqvist-1.11.23 a
bit old, the section F.1 "Partial list of error messages" is partial enough
that it does not contain any text along the lines of:
cvs [init aborted]: Cannot initialize repository under existing CVSROOT: `ProblemDir'
        Someone created a directory in ProblemDir called CVSROOT. Because the
        directory named CVSROOT should only exist INSIDE of a repository, cvs
        believes you are asking it to init another repository inside of an
        existing one, which has bad security implications.  You should work
        with the owner of that directory to figure out if it should be renamed
        or if you should not be trying to init where you are currently trying.
        Hint: when creating a directory that you will export in the CVSROOT
        environment variable, call that directory something other than CVSROOT.


<SNIP>
>>   2) This error message was not present in previous versions of 'cvs'.
> 
> And a number of CVS users shot themselves in the foot, which is why it
> was added.


-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
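
A pre-flight check for the situation described in this message, as an added example (not part of the original post and not CVS code): the hypothetical helper `check_cvs_init_target` rejects a repository path whose last component is CVSROOT and reports any ancestor directory that already holds a CVSROOT subdirectory. That the ancestor walk mirrors the check behind the quoted error message is an assumption; the optional second argument (where to stop walking) and the directory names in the demo are constructed.

```shell
#!/bin/sh
# Added example, not CVS code. check_cvs_init_target is a hypothetical helper.
# Usage: check_cvs_init_target /abs/path/to/new/repo [stop_dir]
# Returns 0 = looks safe, 1 = target itself is named CVSROOT,
#         2 = an ancestor already contains a CVSROOT directory, 3 = bad input.
# Assumption: walking the ancestors mirrors the check behind the
# "Cannot initialize repository under existing CVSROOT" message.
check_cvs_init_target() {
    target=$1
    stop=${2:-/}          # optional: stop walking here (useful in tests)
    case $target in
        /*) ;;
        *) echo "error: need an absolute path: $target"; return 3 ;;
    esac
    # Drop trailing slashes so basename/dirname see the real last component.
    while [ "$target" != "/" ] && [ "${target%/}" != "$target" ]; do
        target=${target%/}
    done
    if [ "$(basename "$target")" = "CVSROOT" ]; then
        echo "refuse: repository directory is itself named CVSROOT: $target"
        return 1
    fi
    dir=$(dirname "$target")
    while :; do
        if [ -d "$dir/CVSROOT" ]; then
            echo "refuse: ancestor already contains a CVSROOT directory: $dir"
            return 2
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then break; fi
        dir=$(dirname "$dir")
    done
    echo "ok: $target"
    return 0
}

# Constructed demo tree: "alice" named her repository directory CVSROOT.
demo=$(mktemp -d)
mkdir -p "$demo/home/alice/CVSROOT" "$demo/home/bob"
check_cvs_init_target "$demo/home/alice/CVSROOT/" "$demo" || true   # rc 1
check_cvs_init_target "$demo/home/alice/newrepo"  "$demo" || true   # rc 2
check_cvs_init_target "$demo/home/bob/repo"       "$demo" || true   # rc 0
rm -rf "$demo"
```

Run it with the intended repository path before `cvs init`; a return of 1 is the naming mistake shown above, and 2 is the later symptom other users of that parent directory would hit.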


