RE: Loophole in cvs_acls script allows restricted files to be com mitted

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Loophole in cvs_acls script allows restricted files to be com mitted

From:	Peter Connolly
Subject:	RE: Loophole in cvs_acls script allows restricted files to be com mitted
Date:	Thu, 18 Dec 2003 17:13:38 -0800


> 2. Change the way you write your acls. Your behavior will be more in
> line with what you expect if you write your unavail 
> directives based on
> directories rather than files. So to achieve what you want:
> unavail CVSROOT
> avail|cvsadmin|CVSROOT/avail
> avail|wimpy|CVSROOT/loginfo
> <<<EOF
> 
> I'd recommend option 2 here, or better yet, just using filesystem
> permissions if you can.
> 
> Hope this helps,
> 
> Geoff
>

Thanks Geoff. Indeed a rejiggering of my avail file solves my problem.

We'll probably use the filesystem permissions approach later, after we've 
refactored some of our restricted classes into separate directories... 

Btw, as you noted, I confirmed that the use of the null commit message command 
option -m"" does seem to trigger the directory-wide commits instead of the 
requested file-specific commit.  Verrrry interesting.

[Prev in Thread]

Current Thread

[Next in Thread]

RE: Loophole in cvs_acls script allows restricted files to be com mitted, Peter Connolly <=

Prev by Date: Re: CVS Security Issues
Next by Date: RE: Checksum failure: serious problem or not?
Previous by thread: CVS Feature Version 1.12.5 Released! <strong>(security update)</strong>
Next by thread: Win32 builds of 1.12.latest?
Index(es):
- Date
- Thread