[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: denial-of-service attack prohibits all users from creating new

From: Larry Jones
Subject: Re: denial-of-service attack prohibits all users from creating new
Date: Wed, 2 Jun 2010 20:38:00 -0400

Todd Denniston writes:
> Actually we are probably looking at naive users who used too little 
> imagination in creating the
> directory they feed into the $CVSROOT variable, i.e., they did (at least at 
> one time)
> export CVSROOT=/a/directory/somewhere/on/mymachine/CVSROOT

Hmmm, I hadn't considered that the problematic CVSROOT directory might
actually be the root of a repository.  If that's the case, the users
should rename the directory to something else since it will cause
problems in the future (and is seriously confusing to boot).

> i.e. CVS lets you do the following with out complaint:
> cd /tmp/
> cvs -v # Concurrent Versions System (CVS) 1.11.22 (client/server)
> mkdir CVSROOT
> cvs -d /tmp/CVSROOT/ init

Not any more -- that triggers the "Cannot initialize repository under
existing CVSROOT" message that we're discussing.

> Also in my copy of the cederqvist, which is admittedly cederqvist-1.11.23 a 
> bit old, the section F.1
> "Partial list of error messages" is partial enough that it does not contain 
> any text along the lines of:
> cvs [init aborted]: Cannot initialize repository under existing CVSROOT: 
> `ProblemDir'

Good point -- that seems to have been overlooked when the message was
added.  I'll add something about it.
Larry Jones

Rats.  I can't tell my gum from my Silly Putty. -- Calvin

reply via email to

[Prev in Thread] Current Thread [Next in Thread]