|
From: | Derek Robert Price |
Subject: | Re: twisted CVS |
Date: | Wed, 14 Aug 2002 10:20:31 -0400 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020606 |
Noel Yap wrote:
The command I'm familiar with is "find $CVSROOT -type d | xargs chmod g+s". I don't know what system you have so man chmod to make sure you're doing the right thing. In any case, I have two comments on the command above: 1. "chmod -R" will chmod files as well as directories. In general, this is not what you want. In CVS, I think this may not have any major impact.
It might have major impact if any of the repository files are executable and also owned by the root group. Say, if someone copied the repository in as the root user, then changed the owner to their cvs user and left the file groups alone.
Executing arbitrary code on the CVS server is trivial, but normally isn't considered a major risk since it would be executed as the cvs user. But if code running as the cvs user could _then_ edit a setgid root file and execute it, it could be trouble.
Derek -- *8^) Email: address@hidden Get CVS support at http://ximbiot.com --Always glad to share my ignorance - I've got plenty.
[Prev in Thread] | Current Thread | [Next in Thread] |