From owner-cvs-src@FreeBSD.ORG Mon Jan 26 12:06:00 2004 Return-Path: Delivered-To: cvs-src@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E69BE16A4CE; Mon, 26 Jan 2004 12:05:59 -0800 (PST) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 67E7A43D48; Mon, 26 Jan 2004 12:05:57 -0800 (PST) (envelope-from nectar@celabo.org) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id 0DDC35489C; Mon, 26 Jan 2004 14:05:57 -0600 (CST) Received: by madman.celabo.org (Postfix, from userid 1001) id A76476D455; Mon, 26 Jan 2004 14:05:56 -0600 (CST) Date: Mon, 26 Jan 2004 14:05:56 -0600 From: "Jacques A. Vidrine" To: "Bruce A. Mah" Message-ID: <20040126200556.GB76044@madman.celabo.org> References: <200401260008.i0Q08cIl014780@repoman.freebsd.org> <20040126000922.GA6102@madman.celabo.org> <20040126004123.GJ53344@elvis.mu.org> <20040126125638.GC9772@madman.celabo.org> <4015377A.3000609@freebsd.org> <20040126165039.GC98500@intruder.kitchenlab.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040126165039.GC98500@intruder.kitchenlab.org> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.4i-ja.1 cc: src-committers@freebsd.org cc: re@freebsd.org cc: cvs-src@freebsd.org cc: Alfred Perlstein cc: Scott Long cc: cvs-all@freebsd.org cc: Xin LI Subject: Re: cvs commit: src/contrib/cvs/src server.c X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jan 2004 20:06:00 -0000 On Mon, Jan 26, 2004 at 08:50:39AM -0800, Bruce A. Mah wrote: > If memory serves me right, Scott Long wrote: > > [Lots of context snipped.] > > > I guess this means that an UPDATING entry is in order, along with some > > special words in the release notes. Bruce? > > Added this to the release notes...someone feel free to correct me if > further details are needed or if I got anything wrong (caffeine hasn't > kicked in yet this morning). Um, I feel there has been some misunderstanding here that might explain why some folks were bent out of shape about this change for 5.2.1. CVS ChangeLog and my commit message: * pserver can no longer be configured to run as root via the $CVSROOT/CVSROOT/passwd file, so if your passwd file is compromised, it no longer leads directly to a root hack. Attempts to root will also be logged via the syslog. Bruce's relnotes blurb: + &new.521; Two security fixes for CVS (one + related to pserver operation and the other dealing with + malformed module requests) have been backported from later + versions. One side effect of this update is that running + pserver as root (a configuration that was + already unsupported and insecure) no longer works. + A comment from Xin Li: : I think he may mean the configuration in /etc/inetd.conf, circa line 63, : where the example shows how to run cvs pserver as root. I think that `run as root' has been misinterpreted by some. This change does *NOT* suddenly make an inetd.conf configuration line like the following stop working: cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/your/cvsroot/here pserver Rather, the change disables lines like the following in $CVSROOT/CVSROOT/passwd: luser:bxOZZuQd4CoXs:root Without this fix, one who can modify $CVSROOT/CVSROOT/passwd would be able to gain root access. Cheers, -- Jacques Vidrine NTT/Verio SME FreeBSD UNIX Heimdal nectar@celabo.org jvidrine@verio.net nectar@freebsd.org nectar@kth.se