>Date: Wed, 26 Jul 2000 14:58:48 -0400 (EDT)
>From: Pavel Roskin <[EMAIL PROTECTED]>
>X-Sender: [EMAIL PROTECTED]
>To: Stephen Rasku <[EMAIL PROTECTED]>
>cc: [EMAIL PROTECTED]
>Subject: Re: questions about CVS
>
>Hello, Stephen!
>
>> In order to limit checkouts to the modules you need for each
>> application you can use the modules file. This is explained
in
>> the Cederqvist manual.
>
>I couldn't find anything like that in the manual. Maybe I'm
missing
>something, but it seems that the code in do_module() (file
>src/modules.c) doesn't really restrict using directories.
>
>For example:
>
>$ cvs -n rdiff -r0 ../../../../proc
>cvs [server aborted]: could not chdir to fd: Permission denied
>
>How do you prevent access to "../../../../proc" using the
"modules" file?
>If you could give a recipe, it would be very handy for
security-aware
>sysadmins.
This looks like a bug in CVS. You should not be able to access
above $CVSROOT in CVS. What is your CVSROOT set to?
--
Stephen Rasku E-mail: [EMAIL PROTECTED]
Senior Software Engineer Web: http://www.tgivan.com/
TGI Technologies http://www.pop-star.net/
