info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: New update to the CVS ACL patch to support user groups


From: Noel L Yap
Subject: RE: New update to the CVS ACL patch to support user groups
Date: Wed, 25 Jul 2001 12:49:13 -0400

>Any vulnerability in CVS (or blatant known hole if the user has access
>to any of the execution path for stuff in *info files, or the *info
>files themselves, etc.) will _implicitly_ allow users to hack the repo,
>and even to do it in such a manner that they can affect _any_ file that
>_any_ CVS user has access to regardless of what any ACLs or permissions
>prevent their ID from doing.

Are you talking about file system ACL's or CVS ACL's?  If it's the former, I
don't see how this would be possible since authorisation is done by the file
system and you're logged in as yourself.  If it's the latter, I agree.

Noel



This communication is for informational purposes only.  It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan Chase & Co., its
subsidiaries and affiliates.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]