Re: Proposal to Remove Commit/Update-Prog Functionality
From: Karl Fogel
Subject: Re: Proposal to Remove Commit/Update-Prog Functionality
Date: 16 Jan 2003 10:24:33 -0600
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3.50
Derek Robert Price <derek@ximbiot.com> writes:
> I don't hear much about anyone who uses this functionality and it is a
> fairly major security hole in CVS, effectively allowing any client
> with write access to execute arbitrary code on a CVS server, so I am
> proposing the functionality be removed.
>
> Please note that I am proposing that the Checkin-prog and Update-prog
> commands be removed from the CVS protocol. This is different from the
> *info scripts that can be specified by the CVS administrator to run
> scripts at update and checkout.
>
> Alternately, if there are major objections to this, the code could be
> #ifdef'd or options provided in the CVSROOT/config file to enable the
> functionality, but I'd prefer to disable it.
Sounds like a very good idea! I doubt most people even know they're
there, let alone use them.
At the very least, let's make sure they're #ifdef'd out of the default
server build. (But I think Derek's first idea of just removing them
from the protocol entirely is best.)
-Karl