info-cvs

Re: twisted CVS


From: Noel Yap
Subject: Re: twisted CVS
Date: Wed, 14 Aug 2002 07:34:50 -0700 (PDT)

--- Derek Robert Price <address@hidden> wrote:
> It might have major impact if any of the repository files are executable
> and also owned by the root group.  Say, if someone copied the repository
> in as the root user, then changed the owner to their cvs user and left
> the file groups alone.
>
> Executing arbitrary code on the CVS server is trivial, but normally
> isn't considered a major risk since it would be executed as the cvs
> user.  But if code running as the cvs user could _then_ edit a setgid
> root file and execute it, it could be trouble.

This is a good point.

I think most OS's today turn off the SUID and SGID
bits once the file is modified but it's much better to
check this situation on your particular OS.

Thanks,
Noel
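
An added example, not part of the original message: one way to audit a repository for setuid/setgid files and to probe whether a write strips the setgid bit on a given system. The function names `audit_setid` and `probe_write_clears_sgid` are hypothetical, and the probe result only reflects the account it runs as and the filesystem holding `TMPDIR`, so run it as the cvs user on the repository's filesystem.

```shell
#!/bin/sh
# Added example: audit a CVS repository tree for set-id files and probe
# whether this OS/filesystem strips the setgid bit when a file is written.

# List regular files under $1 that carry the setuid or setgid bit,
# with mode, owner and group so root-group files stand out.
audit_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} \;
}

# Create a scratch file, set the setgid bit, append to it, and report
# whether the bit survived: prints "cleared", "kept" or "unsupported".
probe_write_clears_sgid() {
    probe=$(mktemp "${TMPDIR:-/tmp}/sgidprobe.XXXXXX") || return 2
    chmod 2755 "$probe" 2>/dev/null || :
    if [ -z "$(find "$probe" -perm -2000)" ]; then
        result=unsupported      # the bit could not be set here at all
    else
        echo "modified" >> "$probe"
        if [ -z "$(find "$probe" -perm -2000)" ]; then
            result=cleared      # write stripped the setgid bit
        else
            result=kept         # bit survived the write: review audit hits
        fi
    fi
    rm -f "$probe"
    echo "$result"
}

# Usage: sh audit.sh /path/to/cvsroot   (path supplied by the operator)
if [ "$#" -gt 0 ]; then
    audit_setid "$1"
    echo "setgid bit after write: $(probe_write_clears_sgid)"
fi
```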




