Re: [SECURITY] [DSA-422-1] multiple CVS improvements

To: debian-qa@lists.debian.org
Subject: Re: [SECURITY] [DSA-422-1] multiple CVS improvements
From: Josip Rodin <joy@srce.hr>
Date: Thu, 15 Jan 2004 01:24:54 +0100
Message-id: <[🔎] 20040115002454.GF13372@keid.carnet.hr>
In-reply-to: <20040113141646.GA29913@wiggy.net>
References: <20040113141646.GA29913@wiggy.net>

On Tue, Jan 13, 2004 at 03:16:46PM +0100, Wichert Akkerman wrote:
> Since CVS performed no checking on what unix account was specified anyone
> who could modify the CVSROOT/passwd could gain access to all local users
> on the CVS server, including root.

I always thought that putting passwd into qa/CVSROOT/checkoutlist was
a bad idea -- good thing we never actually added any read/write pserver
users in there.

-- 
     2. That which causes joy or happiness.

Reply to:

Prev by Date: Re: Next round of ITA checking
Next by Date: Remove vlad from sid?
Previous by thread: Re: Next round of ITA checking
Next by thread: Remove vlad from sid?
Index(es):
- Date
- Thread