On Sun, 23 Apr 2000, Michal Szymanski wrote:

> behaviour, so long as it has been properly done. Unfortunately, the method of
> generating new file names is very simple and weak. Every file name is easily
> predictable and consists of two parts: /tmp/cvs-serv string and PID of the
> current working cvs server:

It's irrelevant whether the tempfile name is "weak" or not - it *has* to
be predictable to other cvs servers to tell whether the repository is
locked!

The vulnerability described here is that users can write to the same part
of the filesystem used by CVS to maintain its lock state. It's also not
quite as serious as it might first sound, because anyone who can
legitimately connect to the CVS server remotely via CVS can cause a lock
to be taken out over any part of the repository, with the same effect.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <[EMAIL PROTECTED]>
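
An added example, not part of the original message or of CVS: a defender's audit of the condition discussed above, a directory holding `cvs-serv<PID>` entries that other local users can also write to. The function name `audit_cvs_tmp` and the `cvs_uid` parameter (the uid the CVS server is assumed to run as) are hypothetical, and the demo directory is constructed.

```python
import os
import re
import stat
import tempfile

# Name pattern from the quoted report: "cvs-serv" followed by the server PID.
CVS_NAME = re.compile(r"^cvs-serv(\d+)$")


def audit_cvs_tmp(directory, cvs_uid):
    """Return (entry, reason) findings for a directory CVS shares with users.

    cvs_uid is an assumption of this example: the uid the CVS server
    is expected to run as on the audited host.
    """
    findings = []
    dmode = os.lstat(directory).st_mode
    if dmode & stat.S_IWOTH:
        # Any local user can create entries here.
        findings.append((directory, "directory is world-writable"))
        if not dmode & stat.S_ISVTX:
            findings.append((directory, "no sticky bit set"))
    for name in sorted(os.listdir(directory)):
        if not CVS_NAME.match(name):
            continue
        # lstat: inspect the entry itself, never what it points to.
        st = os.lstat(os.path.join(directory, name))
        if st.st_uid != cvs_uid:
            findings.append((name, "owned by uid %d, not the CVS account" % st.st_uid))
    return findings


if __name__ == "__main__":
    # Constructed sample: a world-writable directory with one cvs-serv entry
    # that is treated as foreign by passing a uid different from our own.
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o777)
        os.mkdir(os.path.join(d, "cvs-serv4242"))
        for entry, reason in audit_cvs_tmp(d, os.getuid() + 1):
            print(entry, "-", reason)
```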
