[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: denial-of-service attack prohibits all users from creating new
From: |
Todd Denniston |
Subject: |
Re: denial-of-service attack prohibits all users from creating new |
Date: |
Thu, 03 Jun 2010 16:08:12 -0400 |
User-agent: |
Thunderbird 2.0.0.24 (X11/20100318) |
Larry Jones wrote, On 06/02/2010 08:38 PM:
> Todd Denniston writes:
>> Actually we are probably looking at naive users who used too little
>> imagination in creating the
>> directory they feed into the $CVSROOT variable, i.e., they did (at least at
>> one time)
>> export CVSROOT=/a/directory/somewhere/on/mymachine/CVSROOT
>
> Hmmm, I hadn't considered that the problematic CVSROOT directory might
> actually be the root of a repository. If that's the case, the users
> should rename the directory to something else since it will cause
> problems in the future (and is seriously confusing to boot).
>
Especially when you consider that you now have 3 CVSROOTs to talk about on the
mailing list
$CVSROOT #environment var pointing to repository
$CVSROOT/CVSROOT/ # repository config files
$CVSROOT/../CVSROOT/ # repository
It's always been fun trying to figure out what folks were talking about on the
mailing list with
just the first two.
>> i.e. CVS lets you do the following with out complaint:
>> cd /tmp/
>> cvs -v # Concurrent Versions System (CVS) 1.11.22 (client/server)
>> mkdir CVSROOT
>> cvs -d /tmp/CVSROOT/ init
>
> Not any more -- that triggers the "Cannot initialize repository under
> existing CVSROOT" message that we're discussing.
(just so I know)
are you saying 1.11.23 triggers the message?
The example I gave worked with 1.11.22, with out any messages.
>
>> Also in my copy of the cederqvist, which is admittedly cederqvist-1.11.23 a
>> bit old, the section F.1
>> "Partial list of error messages" is partial enough that it does not contain
>> any text along the lines of:
>> cvs [init aborted]: Cannot initialize repository under existing CVSROOT:
>> `ProblemDir'
>
> Good point -- that seems to have been overlooked when the message was
> added. I'll add something about it.
Thanks.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter