info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: anonymous cvs init.


From: Tanaka Akira
Subject: Re: anonymous cvs init.
Date: 30 Jan 2002 11:28:07 +0900
User-agent: T-gnus/6.14.5 (based on Gnus v5.8.7) (revision 08) SEMI/1.14.0 (Iburihashi) Deisui/1.14.0 (Kikuhime) APEL/10.3 Emacs/21.0.104 (i386-unknown-freebsd4.2) MULE/5.0 (SAKAKI)

In article <address@hidden>,
  address@hidden (Larry Jones) writes:

> No, it's a bug -- in pserver, you shouldn't be allowed to init a root
> other than the one you specified in the AUTH REQUEST (and the standard
> CVS client won't ever try).  I don't think that's a serious problem
> since you won't be able to do anything else with the repository you
> create, but you could mount a denial of service attack by using up all
> the space on a disk creating bogus repositories.  Of course, there are
> lots of other ways to mount DOS attacks with CVS that don't require
> bugs.  I'm working on a fix.

Agreed.  There are many ways to DOS attacks, Modified request with
very big (but compressed) file, for example.

In article <address@hidden>,
  address@hidden (Larry Jones) writes:

> Said fix is now checked in.

Thank you.
-- 
Tanaka Akira



reply via email to

[Prev in Thread] Current Thread [Next in Thread]