From 8e2371092ecd45f74ab1871d9ebdde300543e4a7 Mon Sep 17 00:00:00 2001 From: peter Date: Tue, 21 Jan 2003 21:58:47 +0000 Subject: This should never have been imported. Nuke from vendor branch. --- contrib/cvs/doc/HACKING.DOCS | 37 ------------------------------------- 1 file changed, 37 deletions(-) delete mode 100644 contrib/cvs/doc/HACKING.DOCS (limited to 'contrib/cvs') diff --git a/contrib/cvs/doc/HACKING.DOCS b/contrib/cvs/doc/HACKING.DOCS deleted file mode 100644 index 079522e..0000000 --- a/contrib/cvs/doc/HACKING.DOCS +++ /dev/null @@ -1,37 +0,0 @@ -Here's some of the texinfo conventions the CVS documentation uses: - -@code{ ... } command usage & command snippets, including - command names. -@var{ ... } variables - text which the user is expected to - replace with some meaningful text of their own - in actual usage. -@file{ ... } file names -@samp{ ... } for most anything else you need quotes around - (often still misused for command snippets) -@example ... @end example example command usage and output, etc. -@emph{ ... } emphasis - warnings, stress, etc. This will be - bracketed by underline characters in info files - (_ ... _) and in italics in PDF & probably in - postscript & HTML. -@noindent Suppresses indentation of the following - paragraph. This can ocassionally be useful - after examples and the like. -@cindex ... Add a tag to the index. -@pxref{ ... } Cross reference in parentheses. -@xref{ ... } Cross reference. - -Preformatted text should be marked as such (use @example... there may be other -ways) since many of the final output formats can use relational fonts otherwise -and marking it as formatted should restrict it to a fixed wiidth font. Keep -this sort of text to 80 characters or less per line since larger may not be -properly viewable for some info users. - -There are dictionary lists and function definition markers. Scan cvs.texinfo -for their usage. There may be table definitions as well but I haven't used -them. - -Use lots of index markers. Scan the index for the current style. Try to reuse -an existing entry if the meaning is similar. - -For more on using texinfo docs, see the `info texinfo' documentation or -http://www.gnu.org/manual/texinfo/texinfo.html . -- cgit v1.1 From 9d868620cc449f8280913c8370568d5b512c779b Mon Sep 17 00:00:00 2001 From: peter Date: Tue, 21 Jan 2003 22:02:26 +0000 Subject: This file is gone on the vendor branch and no longer referenced in the source. --- contrib/cvs/src/options.h | 79 ----------------------------------------------- 1 file changed, 79 deletions(-) delete mode 100644 contrib/cvs/src/options.h (limited to 'contrib/cvs') diff --git a/contrib/cvs/src/options.h b/contrib/cvs/src/options.h deleted file mode 100644 index 6a0219e..0000000 --- a/contrib/cvs/src/options.h +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (c) 1992, Brian Berliner and Jeff Polk - * Copyright (c) 1989-1992, Brian Berliner - * - * You may distribute under the terms of the GNU General Public License as - * specified in the README file that comes with the CVS source distribution. - * - * This file holds (most of) the configuration tweaks that can be made to - * customize CVS for your site. CVS comes configured for a typical SunOS 4.x - * environment. The comments for each configurable item are intended to be - * self-explanatory. All #defines are tested first to see if an over-riding - * option was specified on the "make" command line. - * - * If special libraries are needed, you will have to edit the Makefile.in file - * or the configure script directly. Sorry. - */ - -/* By default, CVS stores its modules and other such items in flat - text files (MY_NDBM enables this). Turning off MY_NDBM causes CVS - to look for a system-supplied ndbm database library and use it - instead. That may speed things up, but the default setting - generally works fine too. */ - -#ifndef MY_NDBM -#define MY_NDBM -#endif - -/* - * The cvs admin command is restricted to the members of the group - * CVS_ADMIN_GROUP. If this group does not exist, all users are - * allowed to run cvs admin. To disable the cvs admin for all users, - * create an empty group CVS_ADMIN_GROUP. To disable access control - * for cvs admin, comment out the define below. - */ -#ifndef CVS_ADMIN_GROUP -#define CVS_ADMIN_GROUP "cvsadmin" -#endif - -/* - * When locking the repository, some sites like to remove locks and - * assume the program that created them went away if the lock has - * existed for a long time. This used to be the default for previous - * versions of CVS. CVS now attempts to be much more robust, so lock - * files should not be left around by mistake. The new behaviour will - * never remove old locks (they must now be removed by hand). - * Enabling CVS_FUDGELOCKS will cause CVS to remove locks that are - * older than CVSLCKAGE seconds. - * - * Use of this option is NOT recommended. - */ -#ifndef CVS_FUDGELOCKS -/* #define CVS_FUDGELOCKS */ -#endif - -/* Define this to enable the SETXID support. The way to use this is - to create a group with no users in it (except perhaps cvs - administrators), set the cvs executable to setgid that group, chown - all the repository files to that group, and change all directory - permissions in the repository to 770. The last person to modify a - file will own it, but as long as directory permissions are set - right that won't matter. You'll need a system which inherits file - groups from the parent directory (WARNING: using the wrong kind of - system (I think Solaris 2.4 is the wrong kind, for example) will - create a security hole! You will receive no warning other than the - fact that files in the working directory are owned by the group - which cvs is setgid to). - - One security hole which has been reported is that setgid is not - turned off when the editor is invoked--most editors provide a way - to execute a shell, or the user can specify an editor (this one is - large enough to drive a truck through). Don't assume that the - holes described here are the only ones; I don't know how carefully - SETXID has been inspected for security holes. */ -#ifndef SETXID_SUPPORT -/* #define SETXID_SUPPORT */ -#endif - - -/* End of CVS configuration section */ -- cgit v1.1 From 0de1aa939e0bb1831fe5ba20e2afa2fe6d7426ab Mon Sep 17 00:00:00 2001 From: nectar Date: Wed, 21 Jan 2004 16:27:56 +0000 Subject: Incorporate two security fixes from later versions of CVS. From the NEWS file of cvs 1.11.11: * pserver can no longer be configured to run as root via the $CVSROOT/CVSROOT/passwd file, so if your passwd file is compromised, it no longer leads directly to a root hack. Attempts to root will also be logged via the syslog. * Malformed module requests could cause the CVS server to attempt to create directories and possibly files at the root of the filesystem holding the CVS repository. Filesystem permissions usually prevent the creation of these misplaced directories, but nevertheless, the CVS server now rejects the malformed requests. Obtained from: ccvs.cvshome.org --- contrib/cvs/src/modules.c | 11 +++++++++++ contrib/cvs/src/server.c | 23 +++++++++++++++++++---- 2 files changed, 30 insertions(+), 4 deletions(-) (limited to 'contrib/cvs') diff --git a/contrib/cvs/src/modules.c b/contrib/cvs/src/modules.c index b161e94..b2ded8d 100644 --- a/contrib/cvs/src/modules.c +++ b/contrib/cvs/src/modules.c @@ -159,6 +159,17 @@ do_module (db, mname, m_type, msg, callback_proc, where, shorten, } #endif + /* Don't process absolute directories. Anything else could be a security + * problem. Before this check was put in place: + * + * $ cvs -d:fork:/cvsroot co /foo + * cvs server: warning: cannot make directory CVS in /: Permission denied + * cvs [server aborted]: cannot make directory /foo: Permission denied + * $ + */ + if (isabsolute (mname)) + error (1, 0, "Absolute module reference invalid: `%s'", mname); + /* if this is a directory to ignore, add it to that list */ if (mname[0] == '!' && mname[1] != '\0') { diff --git a/contrib/cvs/src/server.c b/contrib/cvs/src/server.c index 04d912c..afd88b8 100644 --- a/contrib/cvs/src/server.c +++ b/contrib/cvs/src/server.c @@ -5230,10 +5230,11 @@ error ENOMEM Virtual memory exhausted.\n"); #if defined (HAVE_KERBEROS) || defined (AUTH_SERVER_SUPPORT) || defined (HAVE_GSSAPI) -static void switch_to_user PROTO((const char *)); +static void switch_to_user PROTO((const char *, const char *)); static void -switch_to_user (username) +switch_to_user (cvs_username, username) + const char *cvs_username; /* Only used for error messages. */ const char *username; { struct passwd *pw; @@ -5250,6 +5251,20 @@ error 0 %s: no such user\n", username); error_exit (); } + if (pw->pw_uid == 0) + { +#ifdef HAVE_SYSLOG_H + /* FIXME: Can the IP address of the connecting client be retrieved + * and printed here? + */ + syslog (LOG_DAEMON | LOG_ALERT, + "attempt to root from account: %s", cvs_username + ); +#endif + printf("error 0: root not allowed\n"); + error_exit (); + } + #if HAVE_INITGROUPS if (initgroups (pw->pw_name, pw->pw_gid) < 0 # ifdef EPERM @@ -5824,7 +5839,7 @@ pserver_authenticate_connection () strcpy (Pserver_Repos, repository); /* Switch to run as this user. */ - switch_to_user (host_user); + switch_to_user (username, host_user); free (host_user); free (tmp); free (repository); @@ -6017,7 +6032,7 @@ gserver_authenticate_connection () error (1, errno, "fwrite failed"); } - switch_to_user (buf); + switch_to_user ("GSSAPI", buf); printf ("I LOVE YOU\n"); fflush (stdout); -- cgit v1.1