Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • Some quick ideas (Score:2, Informative)

    by IlyaM (2933) <> on 2002.05.18 12:02 (#8545) Homepage Journal
    Do you run CVS pserver as root? In this case "hacker" could create CVS login entry which can give him/her root rights.

    For example:

    # access CVS as root with alternative password
    # alias some CVS login name to root UID

    Have you checked if commitinfo/loginfo/etc files are not modified. They can be used to run arbitrary code.

    You may want to check if you don't have any rootkits on your computer. Try [].


    Ilya Martynov ( [])

    • Here's the log entry in it's entirety:

      Date:   Saturday May 18, 2002 @ 8:10
      Author: cvs-axkit
      Update of /home/cvs/CVSROOT
      In directory ted:/tmp/cvs-serv32715
      Modified Files:
      Log Message:
      hmm, try that again
      Index: passwd
      RCS file: /home/cvs/CVSROOT/passwd,v
      retrieving revision 1.1
      retrieving revision 1.2
      diff -b -u -r1.1 -r1.2
      --- passwd      2002/05/18 07:06:38