[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVS Security Issues
From: |
Mike Sutton |
Subject: |
Re: CVS Security Issues |
Date: |
Thu, 18 Dec 2003 16:15:52 -0500 |
User-agent: |
Mutt/1.4i |
On 12/18/03 14:26:26, Derek Robert Price wrote:
> Hash: SHA1
>
> The idea of both is to make it harder to overwrite the CVSROOT/passwd
> file and gain root. I've actually just commited a fix that will be
> released soon with 1.11.11 & 1.12.5 which causes CVS to refuse to
> continue running if the system user specified in CVSROOT/passwd maps to
> root, but that doesn't stop anyone with write access to the
> CVSROOT/passwd file from assuming any other UID they'd like.
I posted a patch long ago that did just this for pserver connections.
If the mapped name correlates to root (uid 0) then access is denied.
Go for it.
--
Mike Sutton
SAIC
Division 397
(937) 431-2273 FAX ext. 2297
address@hidden