Mantis Bugtracker
  

Viewing Issue Advanced Details
ID: 0007617
Category: [Squeak] www.squeak.org
Severity: block
Reproducibility: always
Date Submitted: 03-21-11 02:15
Last Update: 03-21-11 02:17
Reporter: matthewf
View Status: public
Assigned To:
Priority: urgent
Resolution: open
Platform:
Status: new
OS:
Projection: none
OS Version:
ETA: none
Fixed in Version:
Product Version:
Product Build:
Summary: 0007617: Monticello versions in SqueakSource can be overwritten
Description: When uploading a .mcz file to SqueakSource, it apparently does no check to see if something is already there by that name, and overwrites it. This is a huge security hole. It means that anybody on the internet with a WebDAV client could erase or alter the development history of any open repository (Squeak or Pharo inboxes, for instance), and any rogue committer could do it for critical repositories (trunk, Pharo).

Short of malice, this can also be done accidentally, and recently happened on the VMMaker project: http://lists.squeakfoundation.org/pipermail/vm-dev/2011-March/007222.html
Steps To Reproduce
Additional Information
Attached Files

- Relationships

There are no notes attached to this issue.
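
The missing check described in this issue, sketched as an added example that is not SqueakSource code and not part of the original report: a write-once store that creates each version file atomically and refuses an upload whose name already exists. The function names, the status codes chosen and the sample file name are assumptions for illustration.

```python
import hashlib
import os
import tempfile


class VersionExists(Exception):
    """Raised when an upload names a version that is already stored."""


def store_version(repo_dir, filename, data):
    """Store an uploaded .mcz exactly once; never replace an existing name.

    O_CREAT | O_EXCL makes "check and create" one atomic step, so two
    concurrent uploads of the same name cannot both succeed (no gap as
    with a separate os.path.exists() test followed by open()).
    """
    # The name must be a bare file name ending in .mcz (no directories).
    if os.path.basename(filename) != filename or not filename.endswith(".mcz"):
        raise ValueError("invalid version file name: %r" % filename)
    path = os.path.join(repo_dir, filename)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    except FileExistsError:
        raise VersionExists(filename) from None
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    # Returning a digest lets clients and mirrors detect later tampering.
    return hashlib.sha256(data).hexdigest()


def handle_put(repo_dir, filename, data):
    """Map the store result to an HTTP-style status (hypothetical handler)."""
    try:
        digest = store_version(repo_dir, filename, data)
    except VersionExists:
        return 409, "version already exists; upload under a new version name"
    except ValueError as exc:
        return 400, str(exc)
    return 201, digest


def demo():
    """Constructed sample: first upload stored, same-name re-upload refused."""
    name = "Example-author.1.mcz"  # constructed file name
    with tempfile.TemporaryDirectory() as repo:
        first = handle_put(repo, name, b"original history")
        second = handle_put(repo, name, b"altered history")
        with open(os.path.join(repo, name), "rb") as f:
            kept = f.read()
    return first[0], second[0], kept
```
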

- Issue History
Date Modified Username Field Change
03-21-11 02:15 matthewf New Issue
03-21-11 02:15 matthewf Status new => assigned
03-21-11 02:15 matthewf Assigned To  => KarlRamberg
03-21-11 02:16 matthewf Assigned To KarlRamberg =>
03-21-11 02:17 matthewf Status assigned => new

