Thread: [security issue] cvs is writtable by everyone.

[security issue] cvs is writtable by everyone.

From
Ducrot Bruno
Date:
Hello.

I found a mis-configuration on your CVS server.
The passwd file in the CVSROOT is maintened by CVS !

a single:
cvs -z3 -d :pserver:anoncvs@postgresql.org:/home/projects/pgsql/cvsroot co CVSROOT

and anybody can have the passwd file.

As a proof, I have modified the CVSROOT/loginfo and commited back.


--
Ducrot Bruno

Re: [security issue] cvs is writtable by everyone.

From
Bruce Momjian
Date:
In case you haven't heard, we have reconfigured CVS and changed all the
passwords. Thanks for the info.

> Hello.
>
> I found a mis-configuration on your CVS server.
> The passwd file in the CVSROOT is maintened by CVS !
>
> a single:
> cvs -z3 -d :pserver:anoncvs@postgresql.org:/home/projects/pgsql/cvsroot co CVSROOT
>
> and anybody can have the passwd file.
>
> As a proof, I have modified the CVSROOT/loginfo and commited back.
>
>
> --
> Ducrot Bruno
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026