Re: anonymous cvs init.
From: Tanaka Akira
Subject: Re: anonymous cvs init.
Date: 30 Jan 2002 11:28:07 +0900
User-agent: T-gnus/6.14.5 (based on Gnus v5.8.7) (revision 08) SEMI/1.14.0 (Iburihashi) Deisui/1.14.0 (Kikuhime) APEL/10.3 Emacs/21.0.104 (i386-unknown-freebsd4.2) MULE/5.0 (SAKAKI)
In article <address@hidden>,
address@hidden (Larry Jones) writes:
> No, it's a bug -- in pserver, you shouldn't be allowed to init a root
> other than the one you specified in the AUTH REQUEST (and the standard
> CVS client won't ever try). I don't think that's a serious problem
> since you won't be able to do anything else with the repository you
> create, but you could mount a denial of service attack by using up all
> the space on a disk creating bogus repositories. Of course, there are
> lots of other ways to mount DOS attacks with CVS that don't require
> bugs. I'm working on a fix.
Agreed. There are many ways to mount DOS attacks; a Modified request with
a very big (but compressed) file, for example.
In article <address@hidden>,
address@hidden (Larry Jones) writes:
> Said fix is now checked in.
Thank you.
--
Tanaka Akira