Hello, Peter!

> Apparently CVS resolves the paths of the repository to the canonic
> representation. Thus the assertion
> 
>  | lock.c:177: failed assertion `strncmp (repository,
>  |             CVSroot_directory, strlen (CVSroot_directory)) == 0'
> 
> fails. I didn't check the source code, but I am sure that this problem
> exists in other source files, too.

I think CVS does the right thing here. It shouldn't go anywhere outside
the repository. If there is any suspicion that the current directory is
not under the allowed root, CVS should stop and raise an alert.

We have two other problems here. First of all, this check can be disabled
by specifying "-n" as a global option. This is a security hole. Have you
seen my message that demonstrates what the favorite editor of root at
cvs.cyclic.com is?

Another problem is that CVS should report something more appropriate here
rather than "failed assertion".

Regards,
Pavel Roskin
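
The containment check discussed in this thread, as an added example that is not part of the original message and is not CVS source code: it canonicalizes both paths before the prefix comparison and returns a readable error instead of aborting on an assertion. The function name `check_under_root` and its error strings are hypothetical.

```c
/* Added illustration, not CVS code; check_under_root is a hypothetical name. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for realpath() */
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 0 if `repository` resolves to `root` or to a path beneath it,
 * -1 otherwise, with a human-readable reason written to `err`. */
int check_under_root(const char *repository, const char *root,
                     char *err, size_t errlen)
{
    char real_repo[PATH_MAX], real_root[PATH_MAX];

    /* Canonicalize BOTH sides. Comparing a resolved repository path with
     * an unresolved (e.g. symlinked) root is what makes a plain strncmp
     * prefix test fail for a directory that really is inside the root. */
    if (realpath(root, real_root) == NULL) {
        snprintf(err, errlen, "cannot resolve root `%s'", root);
        return -1;
    }
    if (realpath(repository, real_repo) == NULL) {
        snprintf(err, errlen, "cannot resolve repository `%s'", repository);
        return -1;
    }

    size_t n = strlen(real_root);
    if (strcmp(real_root, "/") == 0)
        n = 0;              /* every absolute path is under "/" */

    /* A bare prefix match would accept /cvsroot-evil for root /cvsroot,
     * so the match must also end on a path component boundary. */
    if (strncmp(real_repo, real_root, n) != 0 ||
        (real_repo[n] != '/' && real_repo[n] != '\0')) {
        snprintf(err, errlen, "`%s' is outside the repository root `%s'",
                 real_repo, real_root);
        return -1;
    }
    err[0] = '\0';
    return 0;
}
```
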
