* Joerg Mayer wrote on Wed, Jun 11, 2003 at 00:18 +0200:
jmayer@alice:~/work/games/freeoxyd/enigma> cvs -t up
-> main loop with CVSROOT=:pserver:anoncvs@subversions.gnu.org:/cvsroot/enigma
-> Connecting to subversions.gnu.org(199.232.41.2):2401
can't create temporary directory /mnt/ramfs/cvs-serv22847
So far I'd assumed that CVS does not try to access files outside my local cvs tree.
Well, for multiple purposes CVS uses temp files (probably in respect of $TEMP or so).
I'm especially astonished that the client allows access to absolute file/path names.
Yes, it is known that CVS offers access when giving write access to the repository. Check out possibilities of CVSROOT files, there are a couple of nice things an intruder could use! CVS should be used in "trusted environments" only, I think. Of course you can use system features to secure it a little (chroot with local r/o NFS mount for an unprivileged user and so on).

oki,

Steffen

--
This letter was produced by machine and therefore bears neither signature nor seal.