[security issue] cvs is writtable by everyone.

From: Ducrot Bruno <ducrot(at)echo(dot)fr>
To: pgsql-committers(at)postgresql(dot)org
Subject: [security issue] cvs is writtable by everyone.
Date: 2001-08-25 11:06:09
Message-ID: 20010825130609.A2699@neptune.echo-net.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-committers

Hello.

I found a mis-configuration on your CVS server.
The passwd file in the CVSROOT is maintened by CVS !

a single:
cvs -z3 -d :pserver:anoncvs(at)postgresql(dot)org:/home/projects/pgsql/cvsroot co CVSROOT

and anybody can have the passwd file.

As a proof, I have modified the CVSROOT/loginfo and commited back.

--
Ducrot Bruno

Responses

Browse pgsql-committers by date

  From Date Subject
Next Message Bruce Momjian - CVS 2001-08-25 17:46:12 pgsql/ oc/src/sgml/ref/createuser.sgml rc/bin/ ...
Previous Message Bruce Momjian - CVS 2001-08-25 03:01:27 pgsql/src/interfaces/libpq win32.mak