[ On Friday, June 9, 2000 at 10:46:43 (-0400), Larry Jones wrote: ]
> Subject: Re: Proposal: have client CVS send remote username to server CVS
>
> Greg A. Woods writes:
> > 
> > Many (most?) systems foolishly allow a process to regain its
> > former privileges if great care is not taken, and on some I understand
> > it is not even possible to prevent such re-instatement, thereby leaving
> > CVS open to exploit throughout its entire body of un-audited code.
> 
> Most systems are not quite so foolish -- I've never heard of one that
> didn't have an exception for root such that once you give it away you
> can't get it back.

Such systems do exist (and indeed some variants of *BSD suffer this
problem, though more often it is when stupid features have been added to
SysV variants without enough care and design).

Regardless there are so many issues inherent in any kind of setuid
programming (let alone setuid-root!), that anyone suggesting it be done
within CVS should be convinced to reconsider.

-- 
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <[EMAIL PROTECTED]>      <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
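The privilege-drop pattern the thread argues about, as an added example (not code from this message, from CVS, or from any of the posters): the saved set-user-ID is exactly the hook that lets a process "regain its former privileges", so a permanent drop must clear all three uids and gids, and the code should then verify that the drop stuck rather than trust the call. This assumes a Linux or BSD system with setresuid()/setresgid(); the uid 65534 used in main() when running as root is a hypothetical unprivileged account for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop to (uid, gid). Returns 0 on success, -1 on failure.
 * Order matters: supplementary groups first, then gid, then uid, because
 * once the uid is gone there is no privilege left to change the groups.
 * Setting real, effective AND saved ids is what makes the drop permanent;
 * leaving the saved set-user-ID as 0 is the classic way root comes back. */
int drop_privileges_permanently(uid_t uid, gid_t gid) {
    /* setgroups() itself needs privilege; only attempt it while still root. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setresgid(gid, gid, gid) != 0) return -1;
    if (setresuid(uid, uid, uid) != 0) return -1;
    return 0;
}

/* Verify the drop actually stuck: all three uids and gids equal the
 * target and, for a non-root target, an attempt to become root again
 * fails with EPERM. Returns 1 if privileges are gone, 0 otherwise. */
int privileges_are_gone(uid_t uid, gid_t gid) {
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) != 0 || ru != uid || eu != uid || su != uid) return 0;
    if (getresgid(&rg, &eg, &sg) != 0 || rg != gid || eg != gid || sg != gid) return 0;
    if (uid != 0) {
        errno = 0;
        if (setuid(0) == 0) return 0;   /* root came back: the drop was not permanent */
        if (errno != EPERM) return 0;   /* unexpected failure mode, do not trust it */
    }
    return 1;
}

int main(void) {
    /* Hypothetical unprivileged account for the demo when started as root;
     * otherwise drop to the ids we already have, which exercises the same path. */
    uid_t uid = (geteuid() == 0) ? (uid_t)65534 : getuid();
    gid_t gid = (geteuid() == 0) ? (gid_t)65534 : getgid();
    if (drop_privileges_permanently(uid, gid) != 0) {
        perror("drop_privileges_permanently");
        return 1;
    }
    printf("privileges permanently dropped: %s\n",
           privileges_are_gone(uid, gid) ? "yes" : "NO");
    return 0;
}
```

The verification step is the part worth copying: a setuid program that merely calls setuid() and carries on is trusting the platform to have cleared the saved id, which is the behaviour the thread says cannot be assumed everywhere.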
