[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: New update to the CVS ACL patch to support user groups
From: |
Noel L Yap |
Subject: |
RE: New update to the CVS ACL patch to support user groups |
Date: |
Wed, 25 Jul 2001 12:49:13 -0400 |
>Any vulnerability in CVS (or blatant known hole if the user has access
>to any of the execution path for stuff in *info files, or the *info
>files themselves, etc.) will _implicitly_ allow users to hack the repo,
>and even to do it in such a manner that they can affect _any_ file that
>_any_ CVS user has access to regardless of what any ACLs or permissions
>prevent their ID from doing.
Are you talking about file system ACL's or CVS ACL's? If it's the former, I
don't see how this would be possible since authorisation is done by the file
system and you're logged in as yourself. If it's the latter, I agree.
Noel
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan Chase & Co., its
subsidiaries and affiliates.
RE: New update to the CVS ACL patch to support user groups, Noel L Yap, 2001/07/25
RE: New update to the CVS ACL patch to support user groups, Noel L Yap, 2001/07/25
RE: New update to the CVS ACL patch to support user groups,
Noel L Yap <=
RE: New update to the CVS ACL patch to support user groups, Noel L Yap, 2001/07/25
RE: New update to the CVS ACL patch to support user groups, Noel L Yap, 2001/07/25
RE: New update to the CVS ACL patch to support user groups, Noel L Yap, 2001/07/26
RE: New update to the CVS ACL patch to support user groups, Noel L Yap, 2001/07/27