[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: twisted CVS

From: Derek Robert Price
Subject: Re: twisted CVS
Date: Wed, 14 Aug 2002 10:20:31 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020606

Noel Yap wrote:

The command I'm familiar with is "find $CVSROOT -type
d | xargs chmod g+s".  I don't know what system you
have so man chmod to make sure you're doing the right

In any case, I have two comments on the command above:
1. "chmod -R" will chmod files as well as directories.
In general, this is not what you want.  In CVS, I
think this may not have any major impact.

It might have major impact if any of the repository files are executable and also owned by the root group. Say, if someone copied the repository in as the root user, then changed the owner to their cvs user and left the file groups alone.

Executing arbitrary code on the CVS server is trivial, but normally isn't considered a major risk since it would be executed as the cvs user. But if code running as the cvs user could _then_ edit a setgid root file and execute it, it could be trouble.



Email: address@hidden

Get CVS support at
Always glad to share my ignorance - I've got plenty.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]