[14663] in bugtraq


Re: CVS DoS

daemon@ATHENA.MIT.EDU (Kris Kennaway)
Tue Apr 25 23:04:36 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.BSF.4.21.0004241516540.2289-100000@freefall.freebsd.org>
Date:         Mon, 24 Apr 2000 15:17:27 -0700
Reply-To: Kris Kennaway <kris@FREEBSD.ORG>
From: Kris Kennaway <kris@FREEBSD.ORG>
X-To:         Michal Szymanski <siva9@CLICO.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.BSF.4.21.0004241353380.94126-100000@freefall.freebsd.org>

On Mon, 24 Apr 2000, Kris Kennaway wrote:

> of the filesystem used by CVS to maintain its lock state. It's also not
> quite as serious as it might first sound, because anyone who can
> legitimately connect to the CVS server remotely via CVS can cause a lock
> to be taken out over any part of the repository, with the same effect.

Sorry, but on further thought I don't think this is true. Locks are only
acquired for CVS write operations, not read operations.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>
