Re: CVS Security Issues

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS Security Issues

From:	Mike Sutton
Subject:	Re: CVS Security Issues
Date:	Thu, 18 Dec 2003 16:15:52 -0500
User-agent:	Mutt/1.4i

On 12/18/03 14:26:26, Derek Robert Price wrote:
> Hash: SHA1
> 
> The idea of both is to make it harder to overwrite the CVSROOT/passwd
> file and gain root.  I've actually just commited a fix that will be
> released soon with 1.11.11 & 1.12.5 which causes CVS to refuse to
> continue running if the system user specified in CVSROOT/passwd maps to
> root, but that doesn't stop anyone with write access to the
> CVSROOT/passwd file from assuming any other UID they'd like.

I posted a patch long ago that did just this for pserver connections.
If the mapped name correlates to root (uid 0) then access is denied.

Go for it.

-- 

Mike Sutton
SAIC
Division  397
(937) 431-2273 FAX ext. 2297
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

CVS Security Issues, Derek Robert Price, 2003/12/18
- Re: CVS Security Issues, Mike Sutton <=
  - Re: CVS Security Issues, Derek Robert Price, 2003/12/18
- Re: CVS Security Issues, Greg A. Woods, 2003/12/18
- Re: CVS Security Issues, Derek Robert Price, 2003/12/18
- RE: CVS Security Issues, Jim.Hyslop, 2003/12/19
  - RE: CVS Security Issues, Greg A. Woods, 2003/12/22
    - Unediting a commited file, Kayed Alfi, 2003/12/22
- RE: CVS Security Issues, Walter, Jan, 2003/12/19
  - Re: CVS Security Issues, Derek Robert Price, 2003/12/19
  - RE: CVS Security Issues, Greg A. Woods, 2003/12/22
- RE: CVS Security Issues, Jim.Hyslop, 2003/12/19

Prev by Date: Re: CVS Security Issues
Next by Date: Checksum failure: serious problem or not?
Previous by thread: CVS Security Issues
Next by thread: Re: CVS Security Issues
Index(es):
- Date
- Thread