FYI: cvs under redhat possible security concern...

Eric Warnke eric at dt06q2n53.nycap.rr.com
Thu Oct 15 05:02:38 GMT 1998


I was just doing a security audit of my redhat system when something
unusual caught my eye.  When I cvs checkout samba all the files are
created world writable, and since these files are later run by root, it
would not be difficult for a malisious user to slip in a trojan horse
into the source.  Mabye this is just a simple cvs quiestion or a rehdat
peculariaty, but this could affect alot of sites.

Any ideas on how to fix this, and I'm not talking chmod -R o-rw *

Eric Warnke
Sys Admin, ResNet
University at Albany, NY
eric at snowmoon.com / ericw at albany.edu 



More information about the samba-ntdom mailing list