[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: modules execution behavior

From: Mark D. Baushke
Subject: Re: modules execution behavior
Date: Fri, 20 May 2005 15:19:11 -0700

Hash: SHA1

Joe Hetrick <address@hidden> writes:

> I searched the archives and came up short, so..
> I noticed something odd when moving between CVS < 1.11.5 > 1.11.5.
> -i commands specified in the modules file are no longer executed.


> Could this be due to a change in behavior, or a misconfiguration?

It was a security fix for cvs 1.11.6.

> Moving between 1.10 or 1.11.5 or 1.11.17,18,20 shows the behavior.
> Below 1.11.5, my -i module commands are executed, with 17, 18, 20,
> they are not.


> Here is a snippet from my modules file:
>      raddb -i /home/cvs/cvsroot/cvs_bin/ raddb
> Additionally, something I noticed is that "broken" behavior has no
> Checkin.prog specified in CVS/ of the repository.
> What have I missed?

The NEWS file tells you

|Changes from 1.11.5 to 1.11.6:
|* The Checkin.prog and Update.prog functionality has been removed.  This
|fuctionality previously allowed executables to be specified in the modules file
|to be run at update and checkin time, but users could edit these files on a per
|workspace basis, creating a security hole.

src/ChangeLog entry:

|2003-04-28  Derek Price  <address@hidden>
|       * client.c (save_prog): Remove unneeded struct.
|       (checkin_progs, update_progs): Remove these unneeded globals.
|       (handle_set_checkin_prog, handle_set_update_prog, do_deferred_progs):
|       Remove these functions.
|       (send_repository): Remove checkin and update prog support.
|       (responses): Remove Set-checkin-prog and Set-update-prog.
|       (get_responses_and_close): Don't call do_deferred_prog().
|       * commit.c (commit_usage): Remove reference to -n.
|       (commit): Don't set and send run_module_prog via -n.  Don't run
|       Checkin.prog or Checkout.prog in local mode.
|       * modules.c (CVSMODULE_OPTS): Remove -i and -u.
|       (do_module): Don't process -i and -u options to set checkin and update
|       progs, respectively.
|       * server.c (server_prog, serve_checkin_prog, server_update_prog):
|       Remove unused functions.
|       (requests): Remove Checkin-prog and Update-prog.
|       * update.c (update_dirleave_proc): Remove update prog functionality.
|       * cvs.h (CVSADM_CIPROG, CVSADM_UPROG): Remove unneeded defines.
|       * server.h (server_prog): Remove proto.
|       (progs): Remove enum.
|       * (modules5): Remove tests for checkin and update programs.

The basic problem is that a hostile user could cause malicious code to
be committed to the cvs repository that other users would end up running
without recourse during either a 'cvs checkout' or a 'cvs update'.

        -- Mark
Version: GnuPG v1.2.3 (FreeBSD)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]