"ken loehr" <kloehr@webmail.bellsouth.net> wrote:
>
> I have found a very disturbing security hole in ClearCase. When I perform a checkout of a file to my view, not only is the file copied to my view, but it is also made writable in the file system. This is, as you can imagine, a major hole since now anyone who has access to that machine could MODIFY YOUR SOURCE CODE! I think that Rational should lock the file within the view so that it is writable there and leave the copy in the filesystem read only, then when the file is checked in the changes can apply. This would close this major hole in ClearCase's security.

In our experience, the checked-out working copy of the file is placed
in the view storage area with permissions consistent with the most
recent "cleartool protect" (or the user's identity and umask upon
creation) as well as the user's identity and umask upon checkout.
How is that any more risky than putting a writable copy of the file
in the user's home directory, or anywhere else on the LAN?

--
The CEO of my employer requires me to include the following notice in my signature:
* This message is intended only for the use of the Addressee and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not the intended recipient, dissemination of this communication is prohibited. If you have received this communication in error, please erase all copies of the message and its attachments and notify us immediately.
---
Paul M. Sander  +1 650 261 5174 | To the medieval era's literate few..., the
BroadVision, Inc.               | turn of the millennium held a particular allure.
585 Broadway                    | After all, with the stroke of a quill, the
Redwood City, CA 94063 USA      | world went from DCCCCLXXXXVIIIJ to...M.
                                | -- Rachel Emma Silverman, Wall St. Journal

This archive was generated by hypermail 2b29 : Sun May 06 2001 - 00:23:20 EDT