Postgres Pro
Downloads
Home   >   mailing lists

[security issue] cvs is writtable by everyone. - Mailing list pgsql-committers

From Ducrot Bruno
Subject [security issue] cvs is writtable by everyone.
Date
Msg-id 20010825130609.A2699@neptune.echo-net.net
Whole thread Raw
Responses Re: [security issue] cvs is writtable by everyone.  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-committers
Tree view 
Hello.

I found a mis-configuration on your CVS server.
The passwd file in the CVSROOT is maintened by CVS !

a single:
cvs -z3 -d :pserver:anoncvs@postgresql.org:/home/projects/pgsql/cvsroot co CVSROOT

and anybody can have the passwd file.

As a proof, I have modified the CVSROOT/loginfo and commited back.


--
Ducrot Bruno

pgsql-committers by date:

Previous
From: Bruce Momjian - CVS
Date:
Subject: pgsql/src/interfaces/libpq win32.mak
Next
From: Bruce Momjian - CVS
Date:
Subject: pgsql/ oc/src/sgml/ref/createuser.sgml rc/bin/ ...