Re: denial-of-service attack prohibits all users from creating new repos
From: Bruno Haible
Subject: Re: denial-of-service attack prohibits all users from creating new repositories
Date: Tue, 1 Jun 2010 21:07:21 +0200
User-agent: KMail/1.9.9

Hi Mark,
> The reason the check exists is because users were 'accidentally'
> creating new repositories inside of other repositories and 'avoiding'
> the existing real 'CVSROOT' trigger scripts for tagging and committing.
>
> The code to check up the path to see if the new directory is nominally a
> subtree of an existing repository is to stop such behavior and could be
> considered a security feature to the integrity of a CVS repository
> (although, typically only 'important' if set-gid or set-uid cvs
> executables are involved).
But your security feature can too easily be circumvented: A user can
do "cvs init" on another machine and then copy the resulting CVSROOT
directory to the place where he wants to have it. Like this:

    $ cvs -d `pwd`/new init
    $ (cd new && tar cf - CVSROOT) | (ssh other-machine tar xf -)

Before I put this workaround into 'autopoint', can you please tell me:
1) Under which copyright are these files CVSROOT/* created by 'cvs init'?
Are they public domain, or copyrighted? by whom?
2) Do you intend to fill the hole in the security feature that I pointed
out above? That is, to disallow the workaround in some way?
3) Is there compatibility with the CVSROOT/* files between different
versions of cvs? That is, will the infrastructure files from cvs 1.11
work with cvs 1.12.14, and vice versa?
If I cannot use this workaround, I'll have to deprecate the configuration
option --with-cvs of GNU gettext, and enable --with-git by default instead.
Bruno
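
Since a copied CVSROOT directory never passes through the check in "cvs init", an administrator who depends on that check can audit the filesystem for repositories nested inside other repositories instead. The script below is an added example, not part of the original message and not code from CVS; the function names enclosing_repo and nested_repos are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find CVS repositories that sit inside another repository.
# A "repository root" here means a directory that contains a CVSROOT
# subdirectory, the same marker the path check in the thread looks for.

# enclosing_repo DIR
# Walk up from DIR and print the nearest proper ancestor that contains a
# CVSROOT directory. Returns 0 if one is found, 1 if none, 2 if DIR is
# not accessible.
enclosing_repo() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    while [ "$dir" != "/" ]; do
        dir=$(dirname "$dir")
        if [ -d "$dir/CVSROOT" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}

# nested_repos TOP
# List every repository root below TOP that lies inside another
# repository, one "INNER is inside OUTER" line per finding.
nested_repos() {
    find "$1" -type d -name CVSROOT 2>/dev/null |
    while IFS= read -r admin; do
        root=$(dirname "$admin")
        if outer=$(enclosing_repo "$root"); then
            printf '%s is inside %s\n' "$root" "$outer"
        fi
    done
}

# Usage (path is a placeholder): nested_repos /path/to/cvs/area
```

The walk continues up to the filesystem root rather than stopping at TOP, so a repository is also reported when the enclosing CVSROOT lies above the directory being scanned.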