> "Tanaka" == Tanaka Akira <[EMAIL PROTECTED]> writes:
Tanaka> In article <[EMAIL PROTECTED]>,
Tanaka> Michael Richardson <[EMAIL PROTECTED]> writes:
>> Systems that give shells out to people that have write access
>> are already open to running programs by clients.
>>
Ian Lance Taylor writes:
>
> As I read the code, Update.prog lets me have an arbitrary number of
> arguments. Look at run_setup. Given that much leeway, I could do a
> lot using /bin/sh -c.
You're right, you can have arguments. I don't think sh -c would be very
useful, though, since only the
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Larry Jones) writes:
> It's a known problem. Like it says in the Cederqvist manual (under
> "Security considerations with password authentication"):
>
> ... once a user has non-read-only access to the repository, she
> can execute
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Larry Jones) writes:
> Update.prog just contains the name of the program to run, not the actual
> code. If you can't commit, you can't upload arbitrary code to run, you
> can only run pre-existing code on the server, and you have no control
>
In article <[EMAIL PROTECTED]>,
Michael Richardson <[EMAIL PROTECTED]> writes:
> Systems that give shells out to people that have write access
> are already open to running programs by clients.
>
> So, this really affects people that use :pserver: with write
> access.
The problem also af
> "Karl" == Karl Fogel <[EMAIL PROTECTED]> writes:
Karl> Sorry -- good point. I'll look at it in detail when I'm looking at it
Karl> in detail, which will be early next week. In the meantime, I'll keep
Karl> my mouth shut. :-)
Karl> -K
Karl> Ian Lance Taylor <[EMAIL PR
> "Ian" == Ian Lance Taylor <[EMAIL PROTECTED]> writes:
Ian> This looks like a serious security problem. It appears to open
Ian> anonymous CVS servers to a wide range of attack.
Correct me if I'm wrong, but it seems that one has to have commit
permissions to create these files, so
On Fri, Jul 28, 2000 at 05:20:13PM -0400, Larry Jones wrote:
>-- the simplest fix would
> be to just get rid of checkin and update programs, but I'm not sure how
> people would feel about that.
It would probably remove any chance I have of getting t
> Update.prog just contains the name of the program to run, not the actual
> code. If you can't commit, you can't upload arbitrary code to run, you
> can only run pre-existing code on the server, and you have no control
> over its input or arguments, so it's a very low-level threat.
cat "wget ft
Date: 28 Jul 2000 14:58:08 -0700
From: Ian Lance Taylor <[EMAIL PROTECTED]>
Date: Fri, 28 Jul 2000 17:36:53 -0400 (EDT)
From: Pavel Roskin <[EMAIL PROTECTED]>
I hope that there is no immediate danger. Look at serve_update_prog() - it
checks whether commits are allow
Date: Fri, 28 Jul 2000 17:36:53 -0400 (EDT)
From: Pavel Roskin <[EMAIL PROTECTED]>
I hope that there is no immediate danger. Look at serve_update_prog() - it
checks whether commits are allowed and exits if they are not. It prints a
strange message though:
E Flag -u in modules n
Date: Fri, 28 Jul 2000 17:45:13 -0400 (EDT)
From: [EMAIL PROTECTED] (Larry Jones)
Ian Lance Taylor writes:
> What if I frob Update.prog? I don't claim to understand all the cases
> here, but it appears that that will be run by `cvs update'.
Update.prog just contains the name
Ian Lance Taylor writes:
>
> What if I frob Update.prog? I don't claim to understand all the cases
> here, but it appears that that will be run by `cvs update'.
Update.prog just contains the name of the program to run, not the actual
code. If you can't commit, you can't upload arbitrary code t
Hello!
On 28 Jul 2000, Karl Fogel wrote:
> Sorry -- good point. I'll look at it in detail when I'm looking at it
> in detail, which will be early next week. In the meantime, I'll keep
> my mouth shut. :-)
I hope that there is no immediate danger. Look at serve_update_prog() - it
checks whethe
Sorry -- good point. I'll look at it in detail when I'm looking at it
in detail, which will be early next week. In the meantime, I'll keep
my mouth shut. :-)
-K
Ian Lance Taylor <[EMAIL PROTECTED]> writes:
>From: Karl Fogel <[EMAIL PROTECTED]>
>Date: 28 Jul 2000 14:01:23 -0500
>
>
From: Karl Fogel <[EMAIL PROTECTED]>
Date: 28 Jul 2000 14:01:23 -0500
Ian Lance Taylor <[EMAIL PROTECTED]> writes:
> This looks like a serious security problem. It appears to open
> anonymous CVS servers to a wide range of attack.
It looks serious, but not for anonymous-only s
Ian Lance Taylor writes:
>
> This looks like a serious security problem. It appears to open
> anonymous CVS servers to a wide range of attack.
It's a known problem. Like it says in the Cederqvist manual (under
"Security considerations with password authentication"):
... once a user ha
Ian Lance Taylor <[EMAIL PROTECTED]> writes:
> This looks like a serious security problem. It appears to open
> anonymous CVS servers to a wide range of attack.
It looks serious, but not for anonymous-only servers, since anonymous
users can't commit.
The hole here, I think, is that someone who