Re: twisted CVS

From: Noel Yap
Subject: Re: twisted CVS
Date: Wed, 14 Aug 2002 07:34:50 -0700 (PDT)

--- Derek Robert Price <address@hidden> wrote:
> It might have major impact if any of the repository files are executable
> and also owned by the root group.  Say, if someone copied the repository
> in as the root user, then changed the owner to their cvs user and left
> the file groups alone.
> Executing arbitrary code on the CVS server is trivial, but normally
> isn't considered a major risk since it would be executed as the cvs
> user.  But if code running as the cvs user could _then_ edit a setgid
> root file and execute it, it could be trouble.

This is a good point.

I think most OSes today turn off the SUID and SGID
bits once the file is modified, but it's much better to
check this situation on your particular OS.
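
One way to run the check suggested above, as an added example that is not part of the original message: a POSIX shell probe that sets the SUID or SGID bit on a scratch file, appends to it, and reports whether the bit survived. The function names and the optional directory argument are assumptions of this example; point it at the filesystem that holds the repository and run it as the unprivileged cvs user, because a privileged writer may keep the bits.

```sh
#!/bin/sh
# Added example (hypothetical helper names): does a write by the current
# user strip the setuid/setgid bit on this OS and filesystem?

# probe_priv_bit FLAG MODE [DIR]
#   FLAG  u (setuid) or g (setgid), as used by test(1)
#   MODE  octal mode that sets the bit, e.g. 4755 or 2755
#   DIR   directory on the filesystem to probe (default: $TMPDIR or /tmp)
# Prints one of: cleared | kept | unsettable
probe_priv_bit() {
    flag=$1
    mode=$2
    dir=${3:-${TMPDIR:-/tmp}}
    f=$(mktemp "$dir/sbitprobe.XXXXXX") || return 2
    printf '#!/bin/sh\nexit 0\n' > "$f"
    chmod "$mode" "$f" 2>/dev/null || true
    # chmod can silently drop setgid when the caller is not in the
    # file's group, so confirm the bit is really there before writing.
    if ! test "-$flag" "$f"; then
        rm -f "$f"
        echo unsettable
        return 0
    fi
    printf '# modified\n' >> "$f"      # the modification under test
    if test "-$flag" "$f"; then result=kept; else result=cleared; fi
    rm -f "$f"
    echo "$result"
}

# report [DIR]: probe both bits and flag a privileged run.
report() {
    if [ "$(id -u)" -eq 0 ]; then
        echo "note: running as root; rerun as the unprivileged cvs user"
    fi
    echo "setuid after write: $(probe_priv_bit u 4755 "$1")"
    echo "setgid after write: $(probe_priv_bit g 2755 "$1")"
}

report "${1:-}"
```

A result of `kept` for an unprivileged writer is the dangerous case described in the quoted message; `unsettable` means the probe could not set the bit at all, so that run says nothing about what a write does to it.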

