Thread: [security issue] cvs is writtable by everyone.

[security issue] cvs is writtable by everyone.

From

Ducrot Bruno

Date:

25 August 2001, 10:06:17

Hello.

I found a mis-configuration on your CVS server.
The passwd file in the CVSROOT is maintened by CVS !

a single:
cvs -z3 -d :pserver:anoncvs@postgresql.org:/home/projects/pgsql/cvsroot co CVSROOT

and anybody can have the passwd file.

As a proof, I have modified the CVSROOT/loginfo and commited back.


--
Ducrot Bruno

Re: [security issue] cvs is writtable by everyone.

From

Bruce Momjian

Date:

03 September 2001, 20:05:08

In case you haven't heard, we have reconfigured CVS and changed all the
passwords. Thanks for the info.

> Hello.
>
> I found a mis-configuration on your CVS server.
> The passwd file in the CVSROOT is maintened by CVS !
>
> a single:
> cvs -z3 -d :pserver:anoncvs@postgresql.org:/home/projects/pgsql/cvsroot co CVSROOT
>
> and anybody can have the passwd file.
>
> As a proof, I have modified the CVSROOT/loginfo and commited back.
>
>
> --
> Ducrot Bruno
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026