[cvsnt] Re: SECURITY BUG IN PSERVER

River river at ptt.yu
Mon Aug 11 08:10:43 BST 2003


My apologies.

I just downloaded 2.0.8 and there everything is OK.
But in 2.1.1 is not. Sorry guys you have the rights to play with development
versions.

River
Intertele AG

"River" <river at ptt.yu> wrote in message
news:bh7edu$9bo$1 at sisko.local.nodomain.org...
> I posted this some time ago for version 2.0.4. Now I installed 2.1.1 and
> still the same bug
>
> If I set up repository with pserver authentication, by using admin file,
> passwd file and create 2 users, one that is administrator (river), and one
> that is user (ruser) .
>
> Next I can log on to server with administrator login (river) and I add one
> new user foo using cvs passwd -a foo
>
> Next I log of , and then log again using normal user password (ruser).
>
> If I try to add new user I got error that only admins can add users, but
IF
> I TRY TO DELETE USER USING
>
>  cvs passwd -X foo
>
> I WILL BE ABLE TO DO IT.
>
> Can somebody please help about this. Maby I'm wrong with my configuration,
> but if so, please help me.
>
>




More information about the cvsnt mailing list