--- cvs-1.11.1p1/src/modules.c~ Tue Apr 24 19:14:53 2001
+++ cvs-1.11.1p1/src/modules.c Sun Dec 14 00:23:37 2003
@@ -159,6 +159,17 @@
 }
 #endif

+ /* Don't process absolute directories. Anything else could be a security
+ * problem. Before this check was put in place:
+ *
+ * $ cvs -d:fork:/cvsroot co /foo
+ * cvs server: warning: cannot make directory CVS in /: Permission denied
+ * cvs [server aborted]: cannot make directory /foo: Permission denied
+ * $
+ */
+ if (isabsolute (mname))
+ error (1, 0, "Absolute module reference invalid: `%s'", mname);
+
 /* if this is a directory to ignore, add it to that list */
 if (mname[0] == '!' && mname[1] != '\0')
 {
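Review bot: The added guard `if (isabsolute (mname))` rejects only absolute names, so a relative module name containing `..` components still passes this point; whether such names are refused elsewhere is not visible in this hunk. I would add a second check beside it that walks the directory components of `mname` and calls `error (1, 0, ...)` when any component equals `..`. At minimum the comment should record the gap, e.g. `/* NOTE: relative names with ".." components are not rejected by this check. */`. The test also runs on the raw `mname` before the `!` prefix is handled just below, so a prefixed name is examined with the prefix still attached; that is probably harmless for an ignore entry but worth confirming. The enclosing function starts and ends outside the hunk.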