[16010] in bugtraq
Re: cvs security problem
daemon@ATHENA.MIT.EDU (Tanaka Akira)
Sat Jul 29 16:33:40 2000
Mime-Version: 1.0 (generated by SEMI 1.13.7 - "Awazu")
Content-Type: text/plain; charset=US-ASCII
Message-Id: <hvoog3hjkfi.fsf@serein.m17n.org>
Date: Sat, 29 Jul 2000 19:32:49 +0900
Reply-To: Tanaka Akira <akr@M17N.ORG>
From: Tanaka Akira <akr@M17N.ORG>
X-To: Kev <klmitch@mit.edu>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200007281820.OAA09553@multics.mit.edu> (Kev's message of "Fri,
28 Jul 2000 14:20:42 -0400")
In article <200007281820.OAA09553@multics.mit.edu>,
Kev <klmitch@mit.edu> writes:
> From the CVS info page (Node: Password authentication security):
>
> The separate CVS password file (*note Password authentication
> server::) allows people to use a different password for repository
> access than for login access. On the other hand, once a user has
> non-read-only access to the repository, she can execute programs on the
> server system through a variety of means. Thus, repository access
> implies fairly broad system access as well. It might be possible to
> modify CVS to prevent that, but no one has done so as of this writing.
>
> (cvs version 1.10.7; I'd be suprised if .8 has changed that much in this
> respect.)
Yes. But cvs.texinfo has also:
| Note also that the commit and update programs work ONLY when using
| local repository access - the files simply aren't created when sources
| are checked out from a pserver or other remote CVS.
So, at least Checkin.prog and Update.prog should not work with remote
repository even if there are other way to execute arbitrary
programs...
(Or, the document should be fixed.)
--
Tanaka Akira
