From owner-doc-jp-work@jp.FreeBSD.org Wed Feb  5 21:59:05 2003
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id h15Cx5D82224;
	Wed, 5 Feb 2003 21:59:05 +0900 (JST)
	(envelope-from owner-doc-jp-work@jp.FreeBSD.org)
Received: from wasley.bl.mmtr.or.jp (wasley.bl.mmtr.or.jp [210.228.160.21])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with SMTP/inet id h15Cx4J82217
	for <doc-jp-work@jp.FreeBSD.org>; Wed, 5 Feb 2003 21:59:04 +0900 (JST)
	(envelope-from rushani@bl.mmtr.or.jp)
Received: (qmail 18840 invoked from network); 5 Feb 2003 21:59:03 +0900
Received: from unknown (HELO localhost) (61.213.0.21)
  by mx.bl.mmtr.or.jp with SMTP; 5 Feb 2003 21:59:03 +0900
Message-Id: <20030205.215853.10244311.rushani@bl.mmtr.or.jp>
To: doc-jp-work@jp.FreeBSD.org
From: Hideyuki KURASHINA <rushani@bl.mmtr.or.jp>
In-Reply-To: <20030205.044400.78763157.hrs@eos.ocn.ne.jp>
References: <200302041846.h14IkYGD050787@freefall.freebsd.org>
	<20030205.044400.78763157.hrs@eos.ocn.ne.jp>
X-PGP-Public-Key: http://www.bl.mmtr.or.jp/~rushani/rushani.asc
X-PGP-Fingerprint: A052 6F98 6146 6FE3 91E2  DA6B F2FA 2088 439A DC57
X-URL: http://www.bl.mmtr.or.jp/~rushani/
X-Mailer: Mew version 3.1.53 on Emacs 21.2 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: doc-jp-work@jp.FreeBSD.org
Precedence: list
Date: Wed, 05 Feb 2003 21:58:53 +0900
X-Sequence: doc-jp-work 594
Subject: [doc-jp-work 594] Re: FreeBSD Security Advisory
 FreeBSD-SA-03:01.cvs
Errors-To: owner-doc-jp-work@jp.FreeBSD.org
Sender: owner-doc-jp-work@jp.FreeBSD.org
X-Originator: rushani@bl.mmtr.or.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+030107

$BARIJ(B@$B?73c$G$9(B.

>>> On Wed, 05 Feb 2003 04:44:00 +0900, Hiroki Sato <hrs@eos.ocn.ne.jp> said:

> $B:4F#!wEl5~M}2JBg3X$G$9!#(B
> 
>  03:01 $B$G$9!#(B

$B$*$D$+$l$5$^$G$9(B.

> I.   $BGX7J(B - Background
> 
> The Concurrent Versions System (CVS) is a version control system.  It
> may be used to access a repository locally, or to access a `remote
> repository' using several different methods, including `ext' (rsh),
> and `pserver' (password-authenticated server).  When accessing a
> remote repository, the target machine runs the CVS server to fulfill
> client requests.
> 
> Concurrent Versions System (CVS) $B$O!"%P!<%8%g%s4IM}%7%9%F%`$N0l$D$G$9!#(B
> CVS $B$G$O!"%j%]%8%H%j(B ($BLuCm(B: CVS $B$G4IM}$5$l$k%G!<%?$NJ]4I>l=j$N$3$H(B) $B$K(B
> $B%m!<%+%k$+$i!"$"$k$$$O%j%b!<%H$G%"%/%;%9$9$k$3$H$,2DG=$G$9!#(B

The phrase 「リポジトリにリモートでアクセスすることが」 ("accessing the
repository remotely") reads a little awkwardly to me. How about
「あるいはリモートからアクセスすることが…」 ("or accessing it from a
remote host...") instead?

> $B%j%b!<%H$G%"%/%;%9$9$kJ}K!$K$O!"(B`ext' (rsh) $B$d(B `pserver' ($B%Q%9%o!<%I(B
> $BG'>Z%5!<%P(B) $B$J$I!"$$$/$D$+$"$j$^$9!#%j%b!<%H$N%j%]%8%H%j$K%"%/%;%9$9$k(B
> $B>l9g!"%/%i%$%"%s%H$+$i$NMW5a$r=hM}$9$k$?$a$K!"%"%/%;%9@h$N%^%7%s$G$O(B
> CVS $B%5!<%P$,<B9T$5$l$^$9!#(B

src/contrib/cvs/src/client.c (revision 1.4) $B$NJQ99$K$h$k$H(B,
(FreeBSD $B$@$1$NOC$r$9$k$J$i(B) cvs(1) $B$O0lG/6a$/A0$+$i%G%U%)%k%H$G$O(B
rsh $B$G$O$J$/(B ssh $B$r;H$C$F$^$9$h$M(B. $B$3$N$3$H$r(B

  $B%j%b!<%H$G%"%/%;%9$9$kJ}K!$K$O!"(B`ext' (rsh ($BLuCm(B: $B$^$?$O(B ssh))

$B$J$I$HDI2C$G$-$?$i$$$$$+$J$!$H;W$$$^$9(B.

> III. $B1F6AHO0O(B - Impact
[...]
> privileges of the CVS server.  The impact is most severe when running
> the CVS server in `pserver' mode to provide read-only access to the
> world (anoncvs).
[...]
> If the CVS server is run in `pserver' mode to provide read-only access
> to the general public, the impact of this problem becomes very
> serious.

anoncvs $B$H$$$&C18l$,H4$1$F$^$9(B. anoncvs $B$G%=!<%9$r<h$C$FMh$k?M$b$$$k(B
$B$G$7$g$&$+$i(B, $B$3$NMQ8l$O$"$C$?J}$,$$$$$H;W$$$^$9(B.

-- rushani
