[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVSROOT write permission vulnerability

From: Eric Siegerman
Subject: Re: CVSROOT write permission vulnerability
Date: Mon, 20 Jan 2003 16:28:29 -0500
User-agent: Mutt/1.2.5i

On Mon, Jan 20, 2003 at 12:58:45PM -0500, Larry Jones wrote:
> Eric Siegerman writes [about setting the sticky bit]:
> > Doing that in the repo would break CVS completely, wouldn't it?
> Yes, for directories that contain files.  We've been know to use it on
> directories that only contain subdirectories, however.  Particularly the
> top-level repository directory.

Hmmm.  I guess that's cheap insurance against "cd $CVSROOT; mv foo bar",
but what else does it get you?  Seems to me it doesn't do much
about "rm -rf $CVSROOT/foo" or "rm -rf $CVSROOT"; by the time the
rmdir() fails, foo's content's already toast...


|  | /\
|-_|/  >   Eric Siegerman, Toronto, Ont.        address@hidden
|  |  /
Just Say No to the "faceless cannonfodder" stereotype.
        - (an Orc site)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]