FYI: cvs under redhat possible security concern...

Luke Kenneth Casson Leighton lkcl at
Thu Oct 15 06:49:07 GMT 1998


check that your umask on your _local_ machine isn't set to something like
066: cvs (1.10) uses your umask to set permissions.


On Thu, 15 Oct 1998, Eric Warnke wrote:

> I was just doing a security audit of my redhat system when something
> unusual caught my eye.  When I cvs checkout samba all the files are
> created world writable, and since these files are later run by root, it
> would not be difficult for a malisious user to slip in a trojan horse
> into the source.  Mabye this is just a simple cvs quiestion or a rehdat
> peculariaty, but this could affect alot of sites.
> Any ideas on how to fix this, and I'm not talking chmod -R o-rw *
> Eric Warnke
> Sys Admin, ResNet
> University at Albany, NY
> eric at / ericw at 

<a href="mailto:lkcl at" > Luke Kenneth Casson Leighton  </a>
<a href=""> Samba and Network Development </a>
<a href=""       > Samba and Network Consultancy </a>

More information about the samba-ntdom mailing list