There are some changes in the development version of CVS which I think make
this unnecessary for most current UNIX platforms. See
http://cvshome.org/dev/index.html#anon for instructions on using anonymous
CVS to access the dev version and the cvs_temp_file function in
src/filesubr.c for the specific changes.
Derek
--
Derek Price CVS Solutions Architect ( http://CVSHome.org )
mailto:[EMAIL PROTECTED] OpenAvenue ( http://OpenAvenue.com )
--
Instead of that liberty which takes root and growth in the progress of reason,
if recovered by mere force or accident, it becomes with an unprepared people a
tyranny still of the many, the few, or the one.
- Thomas Jefferson to Lafayette, 1815.
Olaf Kirch wrote:
> Hi,
>
> The people at Immunix recently scanned all of RedHat 7.0 for
> temp file problems and found some in CVS (among many others).
>
> I'm currently testing a patch for this problem; the current
> patch is attached.
>
> What the patch does is
>
> - define CVS_SAFE_FOPEN and safe_fopen to create
> temp files safely (i.e. using O_EXCL). This is still
> subject to denial of service, but at least it's safe :)
> - Checked all calls to cvs_temp_name(), and made sure
> that the resulting file is opened using safe_fopen()
> In most cases this was straightforward, but on several
> occasions RCS_checkout is called, and I went through
> RCS_checkout to make sure the file is created safely
> (this part of the patch may need special attention
> to make sure it's okay)
>
> Cheers
> Olaf
> --
> Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
> [EMAIL PROTECTED] | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
> [EMAIL PROTECTED] +-------------------- Why Not?! -----------------------
> UNIX, n.: Spanish manufacturer of fire extinguishers.
>
> ------------------------------------------------------------------------
>
> [Attachment: cvs-1.11-security.patch (application/x-patch)]
_______________________________________________
Bug-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/bug-cvs
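The two temp-file creation strategies this thread talks about, Olaf's safe_fopen() built on O_EXCL and the cvs_temp_file() Derek points to in the development version, as an added example that is not code from CVS or from the attached patch. The names safe_fopen_excl and temp_file_mkstemp, the scratch directory under $TMPDIR and the planted-symlink scenario are all constructed here for illustration; the example assumes cvs_temp_file() takes the mkstemp route, which is something to confirm against src/filesubr.c rather than take from here.

```c
/* Added example, not code from CVS or from the patch under discussion. It
 * shows two ways to create a temp file that a pre-planted symlink cannot
 * redirect: open() with O_CREAT|O_EXCL (the safe_fopen() idea) and mkstemp(),
 * which does the same internally and retries on collision. Function names
 * and the scratch-directory layout are assumptions made here. */
#define _XOPEN_SOURCE 700   /* mkstemp, mkdtemp, fdopen, symlink prototypes */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create-and-open `path` only if nothing exists there. POSIX guarantees that
 * O_CREAT|O_EXCL fails with EEXIST when `path` is a symlink, whatever it
 * points to, so the write cannot be redirected. Mode 0600 keeps it private. */
FILE *safe_fopen_excl(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return NULL;          /* errno == EEXIST: name already taken */
    FILE *fp = fdopen(fd, "w");
    if (fp == NULL) { int e = errno; close(fd); unlink(path); errno = e; }
    return fp;
}

/* Fresh temp file under `dir` via mkstemp(); the unique name comes back in
 * *name_out (caller unlinks and frees it). mkstemp() opens with O_EXCL and
 * picks another random name on EEXIST, so pre-planting a name costs the
 * attacker a retry instead of denying service. */
FILE *temp_file_mkstemp(const char *dir, char **name_out)
{
    size_t n = strlen(dir) + sizeof("/cvsXXXXXX");
    char *tmpl = malloc(n);
    if (tmpl == NULL) return NULL;
    snprintf(tmpl, n, "%s/cvsXXXXXX", dir);
    int fd = mkstemp(tmpl);
    FILE *fp = (fd < 0) ? NULL : fdopen(fd, "w+");
    if (fp == NULL) {
        int e = errno;
        if (fd >= 0) { close(fd); unlink(tmpl); }
        free(tmpl); errno = e;
        return NULL;
    }
    *name_out = tmpl;
    return fp;
}

/* Private (0700) scratch directory for the demos below; constructed here. */
static int make_scratch_dir(char *buf, size_t len)
{
    const char *base = getenv("TMPDIR");
    snprintf(buf, len, "%s/exclXXXXXX", (base && *base) ? base : "/tmp");
    return mkdtemp(buf) != NULL;
}

/* The attack the patch closes: a symlink planted at a predictable temp name.
 * fopen(path, "w") follows it and creates the link target (bit 0 of the
 * result); safe_fopen_excl() refuses with EEXIST (bit 1). Returns 3 when
 * both are observed, -1 on setup failure. */
int demo_symlink_attack(void)
{
    char dir[1024], victim[1100], target[1100];
    int result = 0;
    if (!make_scratch_dir(dir, sizeof dir)) return -1;
    snprintf(victim, sizeof victim, "%s/cvs12345", dir);  /* predictable name */
    snprintf(target, sizeof target, "%s/attacker-target", dir);
    if (symlink(target, victim) != 0) return -1;
    FILE *bad = fopen(victim, "w");   /* unsafe pattern: follows the symlink */
    if (bad != NULL) {
        fputs("clobbered\n", bad);
        fclose(bad);
        result |= (access(target, F_OK) == 0);
    }
    errno = 0;
    FILE *good = safe_fopen_excl(victim);
    if (good == NULL && errno == EEXIST)
        result |= 2;
    else if (good != NULL)
        fclose(good);
    unlink(target); unlink(victim); rmdir(dir);
    return result;
}

/* Round trip through temp_file_mkstemp(): write, read back, confirm the file
 * is owner-only (mode 0600). Returns 1 on success. */
int demo_mkstemp_roundtrip(void)
{
    char dir[1024], buf[16] = {0}, *name = NULL;
    struct stat st;
    if (!make_scratch_dir(dir, sizeof dir)) return 0;
    FILE *fp = temp_file_mkstemp(dir, &name);
    if (fp == NULL) return 0;
    fputs("hello", fp);
    rewind(fp);                        /* flushes the write, then seeks to 0 */
    int ok = fread(buf, 1, sizeof buf - 1, fp) == 5 && strcmp(buf, "hello") == 0
             && fstat(fileno(fp), &st) == 0 && (st.st_mode & 0777) == 0600;
    fclose(fp); unlink(name); free(name); rmdir(dir);
    return ok;
}
```

Call demo_symlink_attack() from a main() of your own; a result of 3 means the plain fopen(..., "w") wrote through the planted link while the O_EXCL open refused. That refusal is the residual denial of service Olaf mentions: an attacker who pre-creates the predictable name can still make the O_EXCL open fail, but can no longer choose where the data lands. mkstemp() takes away the predictability as well, since it keeps generating fresh names until one is free, which is why a cvs_temp_file() built on it would not need the per-call-site safe_fopen() audit.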