Re: denial-of-service attack prohibits all users from creating new

[Todd Denniston]

Larry Jones wrote, On 06/02/2010 08:38 PM:
> Todd Denniston writes:
>> Actually we are probably looking at naive users who used too little 
>> imagination in creating the
>> directory they feed into the $CVSROOT variable, i.e., they did (at least at 
>> one time)
>> export CVSROOT=/a/directory/somewhere/on/mymachine/CVSROOT
> 
> Hmmm, I hadn't considered that the problematic CVSROOT directory might
> actually be the root of a repository.  If that's the case, the users
> should rename the directory to something else since it will cause
> problems in the future (and is seriously confusing to boot).
> 

Especially when you consider that you now have 3 CVSROOTs to talk about on the 
mailing list
$CVSROOT #environment var pointing to repository
$CVSROOT/CVSROOT/ # repository config files
$CVSROOT/../CVSROOT/ # repository

It's always been fun trying to figure out what folks were talking about on the 
mailing list with
just the first two.

>> i.e. CVS lets you do the following with out complaint:
>> cd /tmp/
>> cvs -v # Concurrent Versions System (CVS) 1.11.22 (client/server)
>> mkdir CVSROOT
>> cvs -d /tmp/CVSROOT/ init
> 
> Not any more -- that triggers the "Cannot initialize repository under
> existing CVSROOT" message that we're discussing.

(just so I know)
are you saying 1.11.23 triggers the message?
The example I gave worked with 1.11.22, with out any messages.

> 
>> Also in my copy of the cederqvist, which is admittedly cederqvist-1.11.23 a 
>> bit old, the section F.1
>> "Partial list of error messages" is partial enough that it does not contain 
>> any text along the lines of:
>> cvs [init aborted]: Cannot initialize repository under existing CVSROOT: 
>> `ProblemDir'
> 
> Good point -- that seems to have been overlooked when the message was
> added.  I'll add something about it.

Thanks.

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter