* Joerg Mayer wrote on Wed, Jun 11, 2003 at 00:59 +0200:
On Wed, Jun 11, 2003 at 12:47:44AM +0200, Steffen Dettmer wrote:
Well, for multiple purposes CVS uses temp files (probably in respect of $TEMP or so).
I'm especially astonished that the client allows access to absolute file/path names.
Yes, it is known that CVS offers access when giving write access to the repository. Check out possibilities of CVSROOT files,
As I wrote in my followup to my own post: The client does not try to actually access the file/directory outside the tree,
Ohh, the client... yes, I think it was a server message, as the filename "cvs-serv" suggests :-)
there a couple of nice things an intruder could use! CVS should be used in "trusted environments" only I think.
Can you please explain a bit what you are meaning?
When abusing a CVS server, someone could add and (server-side) execute scripts, do it does not really matter what CVS allows :-) Abusing a client with a software source repository is also quite easy, maybe adding a "trojan" into a configure M4 or such.
Of course you can use systems features to secure it a little (chroot with local r/o NFS mount for an unpriviledged user and so on).
I think you are talking about securing a CVS server - the client should not be allowed to write anywhere outside (aka closer to the root) its current directory - everything else would make me and probably many other people stop using the cvs client immediately.
Well, I would not rely on that, but usually it should not do that, yes. CVS is not designed as secure system but works well together with SSH. In almost any case, the CVS server could attack you by simply trojaning the delivered data. So be careful, as always :-) oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.