Re: modules execution behavior
From: Mark D. Baushke
Subject: Re: modules execution behavior
Date: Fri, 20 May 2005 15:19:11 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Joe Hetrick <address@hidden> writes:
> I searched the archives and came up short, so..
>
> I noticed something odd when moving between CVS < 1.11.5 > 1.11.5.
>
> -i commands specified in the modules file are no longer executed.
Correct.
> Could this be due to a change in behavior, or a misconfiguration?
It was a security fix for cvs 1.11.6.
> Moving between 1.10 or 1.11.5 or 1.11.17,18,20 shows the behavior.
>
> Below 1.11.5, my -i module commands are executed, with 17, 18, 20,
> they are not.
Correct.
> Here is a snippet from my modules file:
>
> raddb -i /home/cvs/cvsroot/cvs_bin/notify-radius.sh raddb
>
> Additionally, something I noticed is that "broken" behavior has no
> Checkin.prog specified in CVS/ of the repository.
>
> What have I missed?
The NEWS file tells you
|Changes from 1.11.5 to 1.11.6:
|
|...
|
|* The Checkin.prog and Update.prog functionality has been removed. This
|functionality previously allowed executables to be specified in the modules file
|to be run at update and checkin time, but users could edit these files on a per
|workspace basis, creating a security hole.
src/ChangeLog entry:
|2003-04-28 Derek Price <address@hidden>
|
| * client.c (save_prog): Remove unneeded struct.
| (checkin_progs, update_progs): Remove these unneeded globals.
| (handle_set_checkin_prog, handle_set_update_prog, do_deferred_progs):
| Remove these functions.
| (send_repository): Remove checkin and update prog support.
| (responses): Remove Set-checkin-prog and Set-update-prog.
| (get_responses_and_close): Don't call do_deferred_prog().
| * commit.c (commit_usage): Remove reference to -n.
| (commit): Don't set and send run_module_prog via -n. Don't run
| Checkin.prog or Checkout.prog in local mode.
| * modules.c (CVSMODULE_OPTS): Remove -i and -u.
| (do_module): Don't process -i and -u options to set checkin and update
| progs, respectively.
| * server.c (server_prog, serve_checkin_prog, server_update_prog):
| Remove unused functions.
| (requests): Remove Checkin-prog and Update-prog.
| * update.c (update_dirleave_proc): Remove update prog functionality.
|
| * cvs.h (CVSADM_CIPROG, CVSADM_UPROG): Remove unneeded defines.
| * server.h (server_prog): Remove proto.
| (progs): Remove enum.
|
| * sanity.sh (modules5): Remove tests for checkin and update programs.
The basic problem is that a hostile user could cause malicious code to
be committed to the cvs repository that other users would end up running
without recourse during either a 'cvs checkout' or a 'cvs update'.
Enjoy!
-- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQFCjmJf3x41pRYZE/gRAsS4AKCqZ+P1mZ+obaHKyG13HsyxY2U8zQCfTKoI
PxdD97IeJKDiP62/dxyp4Lc=
=mEUW
-----END PGP SIGNATURE-----
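Added illustration of the hole described above, written for this page and not taken from CVS's own source or from anyone in the thread: a small POSIX shell model of a commit-time program named by a file inside the committing user's workspace (the pre-1.11.6 CVS/Checkin.prog pattern), beside a lookup that consults only an administrator-owned file under the repository's CVSROOT and refuses anything that is not owned by the admin or is group/world writable. The directory layout, the file name CVSROOT/checkin-hook, the trusted_file rules and the fixture are all assumptions made for the demonstration. CVS 1.11.6 did not add such a check; it removed the feature outright, as the NEWS entry says. The hardened half shows the trust boundary the removed design crossed, nothing more.

```shell
#!/bin/sh
# Added illustration, not code from CVS or from the thread. Toy model of the
# removed Checkin.prog mechanism next to a hook lookup that trusts only the
# repository administrator. File names (CVS/Checkin.prog, CVSROOT/checkin-hook),
# the trust rules and the fixture are constructed for this demo.

# Weak (pre-1.11.6 style): the commit-time program is named by a file in the
# committing user's own workspace, so whoever controls the workspace (or a
# checkout that populated it) decides what gets executed.
weak_checkin_hook() {
    ws=$1
    [ -f "$ws/CVS/Checkin.prog" ] || return 0
    prog=$(cat "$ws/CVS/Checkin.prog")
    # Whatever the workspace names is executed, with no check of who wrote it.
    sh -c "$prog"
}

# A file is trusted only if it is owned by the given admin account and is
# not writable by group or others (hypothetical rule for this demo).
trusted_file() {
    f=$1 admin=$2
    [ -f "$f" ] || return 1
    [ -n "$(find "$f" -user "$admin" 2>/dev/null)" ] || return 1
    [ -z "$(find "$f" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ] || return 1
    return 0
}

# Hardened: the hook is named only by an admin-controlled file under the
# repository's CVSROOT, and both that file and the program it names must pass
# trusted_file. The workspace is never consulted at all.
safe_checkin_hook() {
    cvsroot=$1 admin=$2
    conf="$cvsroot/CVSROOT/checkin-hook"
    [ -f "$conf" ] || return 0
    trusted_file "$conf" "$admin" || { echo "refusing untrusted $conf" >&2; return 2; }
    prog=$(cat "$conf")
    trusted_file "$prog" "$admin" || { echo "refusing untrusted $prog" >&2; return 2; }
    "$prog"
}

# Constructed fixture: a workspace whose CVS/Checkin.prog points at a script
# that drops a marker file (standing in for attacker-supplied code), and a
# repository whose hook config has been made world-writable. Prints the
# scratch directory so callers can inspect and clean it up.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/ws/CVS" "$d/repo/CVSROOT"
    printf '#!/bin/sh\ntouch "%s/pwned"\n' "$d" > "$d/hook.sh"
    chmod 755 "$d/hook.sh"
    printf '%s\n' "$d/hook.sh" > "$d/ws/CVS/Checkin.prog"
    printf '%s\n' "$d/hook.sh" > "$d/repo/CVSROOT/checkin-hook"
    chmod 666 "$d/repo/CVSROOT/checkin-hook"   # tampered: anyone can edit it
    echo "$d"
}

# Stand-alone walk-through of both behaviours.
demo() {
    d=$(make_fixture)
    weak_checkin_hook "$d/ws"
    [ -f "$d/pwned" ] && echo "weak: workspace-named script ran"
    rm -f "$d/pwned"
    safe_checkin_hook "$d/repo" "$(id -un)" || echo "safe: hook refused (exit $?)"
    [ -f "$d/pwned" ] || echo "safe: script did not run"
    chmod 644 "$d/repo/CVSROOT/checkin-hook"   # admin fixes the permissions
    safe_checkin_hook "$d/repo" "$(id -un)" && echo "safe: admin-owned hook ran"
    rm -rf "$d"
}

demo
```

The point of the pairing is where the name of the program comes from: in the weak form it is workspace data, which the CVS server also wrote into the client's CVS/ directory on checkout, so a hostile committer could steer every other user's commit or update; in the hardened form the name and the program both live on the repository side and are rejected unless the administrator owns them and nobody else can write them.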