[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVSROOT write permission vulnerability
From: |
Larry Jones |
Subject: |
Re: CVSROOT write permission vulnerability |
Date: |
Mon, 20 Jan 2003 10:53:38 -0500 (EST) |
Bibhas Kumar Samanta writes:
>
> I have a simple query.
> We have Solaris/unix network with NIS .
> and we use /net/<machine_name>/system/CvsRoot as our CVSROOT
> which is accessible from all machines.
That means you're using NFS to access your repository. There have been
lots of reports of repository corruption due to NFS interoperability
bugs. If all of your machines are running Solaris you probably won't
have a problem, but if they're not, you're asking for trouble. Using
client/server mode with the server running on the machine that has the
repository on a locally mounted disk is the preferred alternative.
> As CVSROOT requires write permission, it has 777 permission for
> all.
> But this essentially empower each user to delete the whole
> CVSROOT , may be even mistakenly ie
> cd /net/<machine_name>/system/CvsRoot;\rm -rf *
>
> How can I avoid that . or do I have any mechanism to log
> who is accessing the CVSROOT area.
Setting the sticky bit (chmod -t) on a directory prevents normal users
from deleting or renaming files in that directory unless they own them.
-Larry Jones
I don't need to improve! Everyone ELSE does! -- Calvin
- CVSROOT write permission vulnerability, Bibhas Kumar Samanta, 2003/01/20
- Re: CVSROOT write permission vulnerability,
Larry Jones <=
- Re: CVSROOT write permission vulnerability, Mark D. Baushke, 2003/01/21
- Re: CVSROOT write permission vulnerability, Bibhas Kumar Samanta, 2003/01/22
- Re: CVSROOT write permission vulnerability, david, 2003/01/22
- Re: CVSROOT write permission vulnerability, Fabian Cenedese, 2003/01/22
- Re: CVSROOT write permission vulnerability, Eric Siegerman, 2003/01/22
- Discouraging :local:, Kenneth Porter, 2003/01/23
- Re: Discouraging :local:, Larry Jones, 2003/01/23