>>>>> "Ian" == Ian Lance Taylor <[EMAIL PROTECTED]> writes:
Ian> This looks like a serious security problem. It appears to open
Ian> anonymous CVS servers to a wide range of attack.
Correct me if I'm wrong, but it seems that one has to have commit
permissions to create these files, so in fact, typical use of
anonymous servers are safe.
Systems that give shells out to people that have write access
are already open to running programs by clients.
So, this really affects people that use :pserver: with write
access.
:!mcr!: | Solidum Systems Corporation, http://www.solidum.com
Michael Richardson | now at 1575 Carling Avenue... still moving in
Personal: <A
HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html">[EMAIL PROTECTED]</A>.
PGP key available.
Corporate: <A HREF="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</A>.
