Oops. Found a security hole (not a major one - but it does let others
explore the directory structure outside your repository...). Try for
example

  cvs list ../usr

The solution is of course to add the lines

    /* Check the repository path */
    if (pathname_levels (argv[0]) > 0)
    {
        error (0, 0, "`..'-relative repositories are not supported.");
        error (1, 0, "illegal source repository");
    }
    
to the very beginning of "list_proc" in "list.c" and
"rlog_list_proc" (Why did I call it this?! Consider it renamed to
"rlog_proc") in "log.c".

Regards,

Alastair.


_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
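
An added example, not part of the original message and not CVS's own code: a stand-alone sketch of the kind of lexical check the snippet above relies on, counting how far a relative path climbs above its starting directory so that arguments like `../usr` can be refused. The helper names `levels_above_start` and `repository_path_ok` and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not CVS's pathname_levels): return the maximum number
   of directory levels that PATH climbs above the directory it starts in.
   The check is purely lexical; it does not touch the file system. */
static int levels_above_start(const char *path)
{
    int depth = 0;      /* current depth relative to the start */
    int max_up = 0;     /* highest point reached above the start */
    const char *p = path;

    while (*p != '\0') {
        size_t len = strcspn(p, "/");   /* length of this component */

        if (len == 2 && p[0] == '.' && p[1] == '.') {
            depth--;                    /* ".." climbs one level */
            if (-depth > max_up)
                max_up = -depth;
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;                    /* ordinary name descends one level */
        }
        /* empty components ("//") and "." leave the depth unchanged */
        p += len;
        if (*p == '/')
            p++;
    }
    return max_up;
}

/* Return 1 if a client-supplied relative path stays inside the repository,
   0 if it would escape it at any point while being resolved. */
static int repository_path_ok(const char *path)
{
    return levels_above_start(path) == 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "module/src", "../usr", "module/../../etc",
                              "./module//sub/.." };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s %s\n", samples[i],
               repository_path_ok(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```

Tracking the highest point reached, rather than the final depth, is what catches a path such as `module/../../etc`, which ends level with its start but passes outside it on the way.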
