Mantis Bugtracker
  

Viewing Issue Simple Details
ID: 0007617
Category: [Squeak] www.squeak.org
Severity: block
Reproducibility: always
Date Submitted: 03-21-11 02:15
Last Update: 03-21-11 02:17
Reporter: matthewf
View Status: public
Assigned To:
Priority: urgent
Resolution: open
Status: new
Product Version:
Summary 0007617: Monticello versions in SqueakSource can be overwritten
Description: When uploading a .mcz file to SqueakSource, it apparently does no check to see if something is already there by that name, and overwrites it. This is a huge security hole. It means that anybody on the internet with a WebDAV client could erase or alter the development history of any open repository (Squeak or Pharo inboxes, for instance), and any rogue committer could do it for critical repositories (trunk, Pharo).

Short of malice, this can also be done accidentally, and recently happened on the VMMaker project: http://lists.squeakfoundation.org/pipermail/vm-dev/2011-March/007222.html
Additional Information
Attached Files

- Relationships

There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
03-21-11 02:15 matthewf New Issue
03-21-11 02:15 matthewf Status new => assigned
03-21-11 02:15 matthewf Assigned To  => KarlRamberg
03-21-11 02:16 matthewf Assigned To KarlRamberg =>
03-21-11 02:17 matthewf Status assigned => new
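
The missing check described in this report, shown as an added example that is not part of the original issue and is not SqueakSource code (SqueakSource is written in Smalltalk; this is a generic Python sketch). The function names, the 201/400/409 status mapping and the sample file name are assumptions made for illustration; the overwriting variant sits beside a write-once variant that refuses to replace an existing version file.

```python
import os
import tempfile

class VersionExists(Exception):
    """The repository already holds a version file with this name."""

def store_overwriting(repo_dir, name, data):
    # Behaviour the report describes: no existence check, so a second
    # upload under the same name silently replaces the first.
    with open(os.path.join(repo_dir, name), "wb") as f:
        f.write(data)

def store_write_once(repo_dir, name, data):
    # Accept only a bare *.mcz file name, never a path.
    if os.path.basename(name) != name or not name.endswith(".mcz"):
        raise ValueError("invalid version file name")
    final = os.path.join(repo_dir, name)
    fd, tmp = tempfile.mkstemp(dir=repo_dir, suffix=".upload")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        # link() fails atomically if `final` exists, so there is no
        # check-then-write race and readers never see a partial file.
        try:
            os.link(tmp, final)
        except FileExistsError:
            raise VersionExists(name) from None
    finally:
        os.unlink(tmp)

def handle_put(repo_dir, name, data):
    """Map the store result to an HTTP status for an upload (PUT)."""
    try:
        store_write_once(repo_dir, name, data)
    except ValueError:
        return 400
    except VersionExists:
        return 409  # Conflict: published versions are immutable
    return 201

def demo():
    with tempfile.TemporaryDirectory() as repo:
        name = "Example-ab.1.mcz"  # constructed sample name
        first = handle_put(repo, name, b"original")
        second = handle_put(repo, name, b"tampered")
        with open(os.path.join(repo, name), "rb") as f:
            return first, second, f.read()
```

With write-once storage, a correction is published under a new version name, so the stored history only ever grows.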

