> >How do you prevent access to "../../../../proc" using the
> "modules" file?
Maybe I misunderstood you, but I'm still interested to hear whether
CVSROOT/modules can prevent access at least to some directories.
> >If you could give a recipe, it would be very handy for
> security-aware
> >sysadmins.
>
> This looks like a bug in CVS. You should not be able to access
> above $CVSROOT in CVS. What is your CVSROOT set to?
To a server on my LAN running yesterdays snapshot of CVS.
I agree, it's a bug. For some reason patch() doesn't call
outside_root() while checkout() does (indirectly, of course).
Regards,
Pavel Roskin
