Re: Checking out files in the repository itself( how to better prevent )

[Derek R. Price]

Donald Sharp wrote:

> Derek -
>
>         What would be the best way to approach this?
>
> 1)  Modify the parsing of the CVSROOT to automatically take this into
> account, this would also include the traversal of symlinks.

This should be reasonable and might even fix a couple other bugs people have
reported in regards to repositories and symlinks.  Care will probably have to be
taken that the comparison to --allow-root comes after the parsing for security
reasons, but things probably already happen that way.


> The problem
> that I have with this one is that I am not sure I understand the
> implications of how the CVSROOT is parsed depending on if the cvs
> process is in server mode or client mode.

I think the issue here is simply only to bother checking symlinks in the :local:
section of parse_cvsroot.  I am almost certain that the server parses the root 
like
it is :local:.


> 2)  Modify safe_location() to include a check for the mounted directory.
> This seems safest( and easiest ) to implement.  Although I don't think
> that this check really belongs in safe_location().

I think you are correct about the check not belonging here, assuming no problems
arise with allowing the path reduction to take place in parse_cvsroot.

Derek
--
Derek Price                      CVS Solutions Architect ( http://CVSHome.org )
mailto:dprice@openavenue.com     OpenAvenue ( http://OpenAvenue.com )
--
Man who run behind car get exhausted.


> donald
>
> On Thu, Mar 01, 2001 at 09:55:08AM -0500, Derek R. Price wrote:
> > Donald Sharp wrote:
> >
> > > The current implementation prevents via the safe_location() function
> > > ( in checkout.c ).
> > >
> > > safe_location() follows symlinks back to find the actual location.  The
> > > problem that I am having is that repositories are not where they
> > > say they are due to mount issues.
> > >
> > > For Instance:
> > >
> > > One repository I have is at /nfs/swtrf/repository
> > > donsharp-u5:24> cd /nfs/swtrf/repository
> > > donsharp-u5:25> df -k .
> > > Filesystem            kbytes    used   avail capacity  Mounted on
> > > saba:/swtrf          8388608 3252424 4977952    40%    /auto/swtrf
> > > donsharp-u5:26> pwd
> > > /auto/swtrf/repository
> > > donsharp-u5:27>
> > >
> > > This causes the safe_location() check to not catch the fact that
> > > we really are inside of the repository.
> > >
> > > Would it be worthwhile to create a safer safe_location() that
> > > looks at mount points as well?
> >
> > Sure.  Send me a patch.  Make sure to include a test case that will fail
> > with the current CVS and passes with the new one.  You can assume that the
> > test case is run in a directory it has write access to and which resides
> > on an NFS share.  Create the link in tmp and test from there...
> >
> > Derek