info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVSROOT write permission vulnerability


From: Larry Jones
Subject: Re: CVSROOT write permission vulnerability
Date: Mon, 20 Jan 2003 12:58:45 -0500 (EST)

Eric Siegerman writes [about setting the sticky bit]:
> 
> Doing that in the repo would break CVS completely, wouldn't it?
> For most users, a commit would fail at the point where it tried
> to delete the old ,v file and rename the temporary copy (indeed,
> the sticky bit would independently block both of those
> operations).  So only the owner of a given ,v file, and the owner
> of its parent directory, would be able to commit new revisions.

Yes, for directories that contain files.  We've been know to use it on
directories that only contain subdirectories, however.  Particularly the
top-level repository directory.

-Larry Jones

Well, it's all a question of perspective. -- Calvin




reply via email to

[Prev in Thread] Current Thread [Next in Thread]