Re: [HCoop-Discuss] SVN security issues

From: Marcus Rueckert <darix_at_web.de>
Date: 2006-11-06 11:45:09 CET

On 2006-11-06 02:25:59 -0800, Karl Chen wrote:
> Hi Marcus, I may have been unclear, but the issue is www-data not
> trusting the user, not that the user wants to run the script as
> himself.

why is this an issue? in a clean setup neither www-data nor the user
should be able to write _any_ hook scripts. so now we have all hook
scripts are owned by root. that means every hook script got a review.
no hook script is writable during the execution of the script.

so the only remaining attack vector might be "sudo".

> You are right that Linux does not allow setuid shebang scripts and
> that one solution to that issue is to use sudo, however this does
> not solve the issue of not trusting the user.
>
> On this server, all users have regular shell accounts so running
> the hook under the user account is OK.

with my proposal the default hook script would be a stub that calls the
actual hook script with "sudo" so the www-data part is pretty trivial.
Shouldnt this solve your issue?

darix

-- 
           openSUSE - SUSE Linux is my linux
               openSUSE is good for you
                   www.opensuse.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Mon Nov 6 11:45:23 2006

This message: [ Message body ]
Next message: Erik Huelsmann: "Re: Caching text-size in the entries file"
Previous message: Karl Chen: "Re: [HCoop-Discuss] SVN security issues"
In reply to: Karl Chen: "Re: [HCoop-Discuss] SVN security issues"
Next in thread: Karl Chen: "Re: [HCoop-Discuss] SVN security issues"
Reply: Karl Chen: "Re: [HCoop-Discuss] SVN security issues"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]