[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers] Fwd: Re: [support #102461] ciabot.pl, Can't do setuid
|
From: |
Russell Smith |
|
Subject: |
[Savannah-hackers] Fwd: Re: [support #102461] ciabot.pl, Can't do setuid |
|
Date: |
Thu, 25 Sep 2003 14:58:49 +1000 |
|
User-agent: |
KMail/1.5.1 |
As sent to Mathieu Roy, This is all that needs to be configured by users.
Other things are more for administration purposes, and should be adjusted by
savannah staff if the server load changes.
ciabot.pl %s $USER projectname
if desired, I can turn ALL the parameters into command line parameters, but I
don't think that is nessecary.
Russell Smith
---------- Forwarded Message ----------
Subject: Re: [support #102461] ciabot.pl, Can't do setuid
Date: Wed, 24 Sep 2003 12:05 pm
From: Russell Smith <address@hidden>
To: Mathieu Roy <address@hidden>
On Mon, 22 Sep 2003 08:37 pm, Mathieu Roy wrote:
> Russell Smith <address@hidden> a tapoté :
> > I do not wish the feature turned off, so I am reluctant to help you solve
> > the problem, but I will offer my ideas anyway.
> >
> > I have again got the script working. Somehow in the change, the setuid
> > bit got set on the script again. However by committing to cvs the file
> > in the checkout list. the setuid bit was cleared, and it works again.
> > (Nice, but I can't see that helping me in the long run)
> >
> > Shouldn't setting noexec on the cvsroot partition fix any execution of
> > scripts or files?
> >
> > Russell Smith
> >
> > if this security problem is fixed/closed would it be possible for this
> > script to be added to the general pool that is accessible by developers?
>
> Hum, this script seems requiring to be configured inside the script
> itself.
That is true, the only thing that should be really configured on a user by
user bases is the project name, I have attached the script with that one
small change. Everything else does not change on a project bases. Most
people who want to use it should be happy with the formatting of the
information. The e-mail do not change either, but if you want, you could
alter them to be another command line parameter.
Please reply if/when this is done, and the command syntax to use it.
Thanks for you work.
Russell Smith
PS. I see noexec is working properly :)
-------------------------------------------------------
ciabot.pl
Description: Text Data
- [Savannah-hackers] Fwd: Re: [support #102461] ciabot.pl, Can't do setuid,
Russell Smith <=