diff -urN cvs-nserver-1.11.1.52.org/src/modules.c cvs-nserver-1.11.1.52/src/modules.c
--- cvs-nserver-1.11.1.52.org/src/modules.c	2004-05-23 02:51:33.243861768 +0200
+++ cvs-nserver-1.11.1.52/src/modules.c	2004-05-23 03:11:37.243825952 +0200
@@ -159,6 +159,24 @@
     }
 #endif
 
+    /* Don't process absolute directories.  Anything else could be a security
+     * problem.  Before this check was put in place:
+     *
+     *   $ cvs -d:fork:/cvsroot co /foo
+     *   cvs server: warning: cannot make directory CVS in /: Permission denied
+     *   cvs [server aborted]: cannot make directory /foo: Permission denied
+     *   $
+     */
+    if (isabsolute (mname))
+       error (1, 0, "Absolute module reference invalid: `%s'", mname);
+
+    /* Similarly for directories that attempt to step above the root of the
+     * repository.
+     */
+    if (pathname_levels (mname) > 0)
+       error (1, 0, "up-level in module reference (`..') invalid: `%s'.",
+               mname);
+
     /* if this is a directory to ignore, add it to that list */
     if (mname[0] == '!' && mname[1] != '\0')
     {
diff -urN cvs-nserver-1.11.1.52.org/src/client.c cvs-nserver-1.11.1.52/src/client.c
--- cvs-nserver-1.11.1.52.org/src/client.c	2004-05-23 02:51:33.285855384 +0200
+++ cvs-nserver-1.11.1.52/src/client.c	2004-05-23 03:18:06.134705552 +0200
@@ -663,6 +663,18 @@
     char *rdirp;
     int reposdirname_absolute;
 
+    /* For security reasons, if PATHNAME is absolute or attemps to ascend
+     * outside of the current sanbbox, we abort.  The server should not send us
+     * anything but relative paths which remain inside the sandbox here.
+     * Anything less means a trojan CVS server could create and edit arbitrary
+     * files on the client.
+     */
+    if (isabsolute (pathname) || pathname_levels (pathname) > 0)
+    {
+	error (0, 0, "Server attempted to update a file via an invalid pathname:");
+	error (1, 0, "`%s'.", pathname);
+    }
+
     reposname = NULL;
     read_line (&reposname);
     assert (reposname != NULL);