CVSROOT write permission vulnerability

From: Bibhas Kumar Samanta
Subject: CVSROOT write permission vulnerability
Date: Mon, 20 Jan 2003 11:38:12 +0530


I have a simple query.
We have a Solaris/Unix network with NIS,
and we use /net/<machine_name>/system/CvsRoot as our CVSROOT,
which is accessible from all machines.

As CVSROOT requires write permission, it has 777 permission for
But this essentially empowers each user to delete the whole
CVSROOT, maybe even mistakenly, i.e.
cd /net/<machine_name>/system/CvsRoot;\rm -rf *

How can I avoid that? Or do I have any mechanism to log
who is accessing the CVSROOT area?

Or what is the common CVSROOT structure/access mechanism
used by you?
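
The following is an added example, not part of the original post: a shell sketch that audits a repository tree for the world-writable (777-style) directories described above and narrows write access to a single Unix group. The function names are hypothetical, and it assumes a dedicated group for CVS users already exists (for instance in NIS); the repository path and group are passed in by the caller.

```shell
#!/bin/sh
# Added example: audit a CVS repository tree for world-writable
# directories and restrict write access to one group.
# Function names are hypothetical; path and group come from the caller.

# Print every directory under the repository that any user can write to.
find_world_writable() {
    find "$1" -type d -perm -0002 -print
}

# Return 0 if no directory is world-writable, otherwise list them
# and return 1.
audit_repo() {
    bad=$(find_world_writable "$1")
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed 's/^/world-writable: /'
    return 1
}

# Replace "everyone can write" with "one group can write":
#  - the whole tree is handed to the given group
#  - directories become 2770: rwx for owner and group, nothing for
#    others, setgid so new files and subdirectories inherit the group
#  - files lose all permission bits for "other"
restrict_to_group() {
    repo=$1
    group=$2
    chgrp -R "$group" "$repo" || return 1
    find "$repo" -type d -exec chmod 2770 {} + || return 1
    find "$repo" -type f -exec chmod o-rwx {} + || return 1
}
```

Run `audit_repo` on the repository path first, then `restrict_to_group` with the path and the group name. This limits who can delete the tree to members of that group; it does not add logging of accesses.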


