[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVSROOT write permission vulnerability

From: Eric Siegerman
Subject: Re: CVSROOT write permission vulnerability
Date: Mon, 20 Jan 2003 12:30:59 -0500
User-agent: Mutt/1.2.5i

On Mon, Jan 20, 2003 at 10:53:38AM -0500, Larry Jones wrote:
> > As CVSROOT requires write permission, it has 777 permission for
> > all.
> Setting the sticky bit (chmod -t) on a directory prevents normal users
> from deleting or renaming files in that directory unless they own them.

Doing that in the repo would break CVS completely, wouldn't it?
For most users, a commit would fail at the point where it tried
to delete the old ,v file and rename the temporary copy (indeed,
the sticky bit would independently block both of those
operations).  So only the owner of a given ,v file, and the owner
of its parent directory, would be able to commit new revisions.

To the original poster:  Larry's main point still holds.  Use
client/server, not NFS.  That'll also help you with the
permissions problem, if you do it right.  Doing it "right" has
been discussed here many times; for details, try searching the
list archives.


|  | /\
|-_|/  >   Eric Siegerman, Toronto, Ont.        address@hidden
|  |  /
Just Say No to the "faceless cannonfodder" stereotype.
        - (an Orc site)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]