Malcolm Rowe wrote:
> I completely agree with the general comments here, but there's one
> important point I think you're missing: svnserve doesn't need to be root
> to grab any of its resources. You can run it in a chroot now, and just
> start it as the user it should be running as.
To start svnserve you need access to the binary. If there is some
security problem, it might just be possible for some malformed commit to
modify this binary, which could lead to other problems. On the other hand
if you could start svnserve outside as root and then chroot and drop
privileges in the same process, you wouldn't need the binary inside the
chroot.
I know this scenario is a bit far-fetched, but not far enough to
invalidate the request. I'm a friend of chroots with only data,
preferably on some noexec-mounted device.
Greetings,
Martin
Received on Thu Jan 18 14:44:00 2007
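The pattern Martin describes (start as root, chroot into a data-only directory, then drop privileges in the same process so no binary needs to live inside the jail) looks like this in C. This is an added illustration, not svnserve's code or anything from the thread; the function name, the jail path and the uid/gid values are assumptions.

```c
/* Constructed example: start as root, enter a data-only chroot, then drop
 * privileges in the same process, so no executable needs to live inside
 * the jail. Function name and sample paths/ids are this example's own. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 on success, -1 (with errno set) on any failure. A failure
 * after chroot() still returns -1, so the caller exits rather than
 * continuing to serve as root from a half-dropped state. */
static int enter_jail_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {        /* refuse to "drop" to root */
        errno = EINVAL;
        return -1;
    }
    if (chdir(jail) != 0) return -1;   /* must precede chroot(".") */
    if (chroot(".") != 0) return -1;   /* needs root / CAP_SYS_CHROOT */
    if (chdir("/") != 0) return -1;    /* cwd is now the jail root */
    /* Order matters: supplementary groups, then gid, then uid; once the
     * uid is unprivileged the other two calls would no longer succeed. */
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify the drop is real and irreversible: regaining root must fail. */
    if (setuid(0) == 0 || geteuid() != uid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Sample jail path and ids; a real daemon reads these from its config. */
    if (enter_jail_and_drop("/srv/svn-jail", 1000, 1000) != 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return 1;                      /* never serve with privileges left */
    }
    /* From here on the process sees only the jail and runs unprivileged;
     * the service code would be entered at this point. */
    return 0;
}
```

Because the binary is loaded before chroot(), the jail can sit on a noexec mount containing nothing but repository data.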