From: Karl Fogel <[EMAIL PROTECTED]> Date: 28 Jul 2000 14:01:23 -0500 Ian Lance Taylor <[EMAIL PROTECTED]> writes: > This looks like a serious security problem. It appears to open > anonymous CVS servers to a wide range of attack. It looks serious, but not for anonymous-only servers, since anonymous users can't commit. What if I frob Update.prog? I don't claim to understand all the cases here, but it appears that that will be run by `cvs update'. Ian
- [akr@M17N.ORG: cvs security problem] Ian Lance Taylor
- Re: [akr@M17N.ORG: cvs security problem] Karl Fogel
- Re: [akr@M17N.ORG: cvs security problem] Larry Jones
- Re: [akr@M17N.ORG: cvs security problem] Mike Castle
- Re: [akr@M17N.ORG: cvs security problem] Tanaka Akira
- Re: [akr@M17N.ORG: cvs security problem] Ian Lance Taylor
- Re: [akr@M17N.ORG: cvs security problem] Karl Fogel
- Re: [akr@M17N.ORG: cvs security problem] Michael Richardson
- Re: [akr@M17N.ORG: cvs security problem] Pavel Roskin
- Re: [akr@M17N.ORG: cvs security problem] Larry Jones
- Re: [akr@M17N.ORG: cvs security problem] Pavel Roskin
- Re: [akr@M17N.ORG: cvs security problem] Tanaka Akira
- Re: [akr@M17N.ORG: cvs security problem] Ian Lance Taylor
- Re: [akr@M17N.ORG: cvs security problem] Larry Jones
- Re: [akr@M17N.ORG: cvs security problem] Ian Lance Taylor
- Re: [akr@M17N.ORG: cvs security problem] Ian Lance Taylor