Re: RCS lock files
From: Derek R. Price
Subject: Re: RCS lock files
Date: Fri, 02 Mar 2001 17:48:15 -0500

Larry Jones wrote:
> On Unix-like systems, same filesystem (i.e., partition) is all that's
> required; I don't know about other systems, though. But given symbolic
> links (and mount points, if anyone's crazy enough to do that) within the
> repository,

On a side issue, there are security reasons to disallow symlinks to areas outside the repository, aren't there? Symlinks that lead outside the repository could be used as a way around '--allow-root'. Mount points, I would expect, are tough enough to create that sysadmins can be trusted to track them. Symlinks seem like they should be double-checked by CVS, though.

I will admit that the only initial exploit I can think of requires shell access or write access to CVSROOT, but the latter might be enough to bother some people.

Derek
--
Derek Price CVS Solutions Architect ( http://CVSHome.org )
mailto:dprice@openavenue.com OpenAvenue ( http://OpenAvenue.com )
--
I will not call the principal "spud head".
I will not call the principal "spud head".
I will not call the principal "spud head"...
- Bart Simpson on chalkboard, _The Simpsons_