
Re: [RFC] svn+ssh and authz: alternate method via a simple setuid svnserve wrapper

From: Richard Hansen <rhansen_at_bbn.com>
Date: Mon, 07 Apr 2008 15:44:19 -0400

Eric Gillespie wrote:
> Richard Hansen <rhansen_at_bbn.com> writes:
>
>> Our solution: In a nutshell, the wrapper execs "/path/to/svnserve -t
>> --tunnel-user=<user_that_executed_the_wrapper>". This wrapper is meant
>> to be installed with the setuid bit set and owned by the user who has
>> read/write access to the repository database files ('svn'). Thus, when
>> user 'foo' executes the wrapper, the wrapper runs "/path/to/svnserve -t
>> --tunnel-user=foo" as user 'svn'. Thus, user 'foo' does not need
>> read/write access to the repository files, making it harder to bypass
>> the path-based access controls. The wrapper uses the getlogin() and
>> getpwuid(getuid()) POSIX functions to fetch the username of the user
>> that started the wrapper.
>
> Have you seen
> http://svn.collab.net/repos/svn/trunk/tools/examples/svnserve-sgid.c ?

I have not; thank you for the pointer. Unfortunately, that code is
insufficient for our needs since it is trivial to bypass the
directory-based access controls (using the '--tunnel-user=otheruser'
argument).

-Richard

Received on 2008-04-07 21:44:31 CEST
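
The wrapper design described in the quoted RFC, as an added example (not the wrapper from this thread and not Subversion project code): it builds a fixed argument list from the real uid and forwards nothing from its own argv, which is the property that keeps `--tunnel-user=otheruser` from reaching svnserve. `/path/to/svnserve` is the thread's placeholder; `valid_user`, `build_argv`, the login-name character policy, the minimal `PATH`, and the use of `getpwuid(getuid())` alone are assumptions.

```c
/* Added example: setuid svnserve wrapper sketch; not the code from the thread. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SVNSERVE "/path/to/svnserve"   /* placeholder path, as in the thread */

/* Accept only conservative login names so the value cannot be read as an
 * option or carry whitespace/control bytes (assumed policy). */
static int valid_user(const char *u)
{
    size_t n = strlen(u);
    if (n == 0 || n > 32 || u[0] == '-')
        return 0;
    return strspn(u, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     "0123456789._-") == n;
}

/* Build the fixed argv. Nothing from the caller's own argv is copied, so a
 * user-supplied --tunnel-user=otheruser never reaches svnserve. */
static int build_argv(const char *user, char *buf, size_t len, char *argv[4])
{
    if (!valid_user(user))
        return -1;
    if ((size_t)snprintf(buf, len, "--tunnel-user=%s", user) >= len)
        return -1;                     /* truncated: refuse rather than exec */
    argv[0] = "svnserve";
    argv[1] = "-t";
    argv[2] = buf;
    argv[3] = NULL;
    return 0;
}

int main(void)
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    char buf[64], *args[4];
    /* Real uid = the invoking user; effective uid = the file owner ('svn'). */
    struct passwd *pw = getpwuid(getuid());

    if (pw == NULL || build_argv(pw->pw_name, buf, sizeof buf, args) != 0) {
        fprintf(stderr, "svnserve wrapper: cannot determine invoking user\n");
        return 1;
    }
    execve(SVNSERVE, args, clean_env); /* fixed path, fixed environment */
    perror("execve");
    return 1;
}
```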

This is an archived mail posted to the Subversion Dev mailing list.
