misc/78036: CVSUP ignores chflags
Johannes Weiner
hnaz at buetow.org
Thu Feb 24 18:10:19 GMT 2005
>Number: 78036
>Category: misc
>Synopsis: CVSUP ignores chflags
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 24 18:10:18 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Johannes Weiner
>Release: 5.3-STABLE
>Organization:
>Environment:
FreeBSD paranoise 5.3-STABLE FreeBSD 5.3-STABLE #2:
Tue Feb 22 23:09:46 CET 2005 root at paranoise:/usr/src/sys/i386/compile/PARANOISE
i386
>Description:
CVSUP seems to ignore file chflags. I set a schg flag on a file to protect from being updated by cvsup, but the file still gets updated.
I'm aware of the refuse system for cvsup now, but I think this is a security bug anyway.
[Bossmc can confirm and reproduce this also]
>How-To-Repeat:
echo foo > /usr/src/sys/bar
chflags schg /usr/src/sys/bar
then run cvsup for src-all with option 'delete' and /usr/src/sys/bar will be deleted.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list