[14756] in bugtraq


Re: CVS DoS

daemon@ATHENA.MIT.EDU (Hannah Schröter)
Tue May 2 19:59:06 2000

Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <20000502194120.C11794@schlund.de>
Date:         Tue, 2 May 2000 19:41:20 +0200
Reply-To: Hannah Schröter <hannah@SCHLUND.DE>
From: Hannah Schröter <hannah@SCHLUND.DE>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20000423174038.A520@clico.pl>; from Michal Szymanski on Sun,
              Apr 23, 2000 at 05:40:38PM +0200

Hello!

On 04/23, Michal Szymanski wrote:
> [...]

> Tmpdir="/tmp"

> [...]

Only if there's no environment variable named TMPDIR.
So the workaround (or fix?) is obvious: set TMPDIR to something only
writable by legitimate processes, such as the pserver itself.
cvs also listens to a -T command line option, and passes that setting
on to any subprocesses via the TMPDIR environment variable, in that case.

Regards, Hannah.
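
The workaround described in this message, as an added example that is not part of the original post: a wrapper that checks the temporary directory is private before handing it to cvs with -T. The function names and the paths in the usage comment are hypothetical, and it assumes the pserver is started by a wrapper script (for instance from inetd).

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the paths in
# the usage comment at the bottom are assumptions made for illustration.

# Return 0 only if $1 is a real directory (not a symlink), owned by the
# current user, with neither the group nor the world write bit set.
tmpdir_is_private() {
    dir=$1
    [ -n "$dir" ] || return 1
    # find does not follow a symlink named on the command line, so a
    # symlink pointing at a directory fails the -type d test.
    match=$(find "$dir" -prune -type d -user "$(id -u)" \
                 ! -perm -020 ! -perm -002 2>/dev/null) || return 1
    [ -n "$match" ]
}

# Create the directory with mode 0700 if it is missing, verify it, then
# replace this shell with the pserver. cvs passes the -T setting on to its
# subprocesses through TMPDIR, as the message above explains.
start_pserver() {
    tmp=$1
    root=$2
    [ -d "$tmp" ] || (umask 077 && mkdir -p "$tmp") || return 1
    if ! tmpdir_is_private "$tmp"; then
        echo "refusing to start: $tmp is writable by other users" >&2
        return 1
    fi
    exec cvs -f -T "$tmp" --allow-root="$root" pserver
}

# Usage (hypothetical paths):
#   start_pserver /var/lib/cvs-tmp /var/lib/cvsroot
```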
