[cvsnt] cvs server: Script execution failed: Permission denie d

Glen Starrett grstarrett at cox.net
Wed Jul 16 20:24:30 BST 2003


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


> Never mind. The IS guy found the problem using auditing.
> Execute permissions on "cmd.exe" was disabled for all but
> Admin. Its working now, but the IS guy thinks it could be
> a security hole. He's going to look into that.

Since CVSNT is OSS, you could theoretically:

1) Make a copy of CMD.EXE, called for example, super-secret-cmd.exe.  That
copy would have permissions but CMD not.

2) Change the CVSNT source code to execute super-secret-cmd.exe instead of
cmd.exe when it spawns off the postcommit changes (and commit, taginfo, et.
al.), then compile and install the custom CVSNT server.

However, I don't know if that would be either the best or the easiest
solution.  I do agree that in theory giving more people CMD.EXE access might
not be a good thing, but it's preferrable to lock down the applciations that
users shouldn't get to--locking down CMD.EXE would (I think) cause any
number of apps to fail.

Personally I think I'd just allow the CMD.EXE and make sure the other doors
are closed.  It's a false sense of security locking down CMD if the rest of
the box isn't properly configured since CMD isn't the only way to invoke
processes, and it only let's you do what you otherwise have permissions for
anyway.

Regards,

Glen Starrett



More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook