Date: Wed, 21 Jan 2004 08:27:57 -0800 (PST) From: Jacques Vidrine <nectar@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/contrib/cvs/src modules.c server.c Message-ID: <200401211627.i0LGRvUS089121@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
nectar 2004/01/21 08:27:57 PST
FreeBSD src repository
Modified files: (Branch: CYCLIC)
contrib/cvs/src modules.c server.c
Log:
Incorporate two security fixes from later versions of CVS.
From the NEWS file of cvs 1.11.11:
* pserver can no longer be configured to run as root via the
$CVSROOT/CVSROOT/passwd file, so if your passwd file is
compromised, it no longer leads directly to a root hack. Attempts
to root will also be logged via the syslog.
* Malformed module requests could cause the CVS server to attempt
to create directories and possibly files at the root of the
filesystem holding the CVS repository. Filesystem permissions
usually prevent the creation of these misplaced directories, but
nevertheless, the CVS server now rejects the malformed requests.
Obtained from: ccvs.cvshome.org
Revision Changes Path
1.1.1.9 +11 -0 src/contrib/cvs/src/modules.c
1.1.1.14 +19 -4 src/contrib/cvs/src/server.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200401211627.i0LGRvUS089121>