Re: svnadmin create and not being method agnostic

From: Stefan Sperling <stsp_at_elego.de>
Date: Tue, 28 Dec 2010 18:24:09 +0100

On Tue, Dec 28, 2010 at 12:11:47PM -0500, Nico Kadel-Garcia wrote:
> As Stefan points out elsewhere, svnserve will run without an
> svnserve.conf. Perhaps it *shouldn't*, and the default svnserve.conf
> should be published as svnserve.conf.tmpl? That would force manual
> enabling of a service that should not be available by default.

svnserve reads the repository's svnserve.conf file when it receives
a client request concerning this repository. In other words, there is
nothing we can do in the repository-specific svnserve.conf file to prevent
svnserve from starting in the first place.

Also, I don't understand how starting svnserve would help an attacker
since to start svnserve the attacker would already need access to
the system.

Users with shell access to the system can of course run their own
svnserve instance on an unprivileged port (and svnserve runs on an
unprivileged port by default).
There is no way to prevent this. The user might even copy an svnserve
binary from a remote system and run it.
But the same is true for any other network daemon that can be run on
an unprivileged port.

Stefan
Received on 2010-12-28 18:24:59 CET

This is an archived mail posted to the Subversion Users mailing list.
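
An added example, not part of the original mail or of Subversion itself: because svnserve consults a repository's svnserve.conf only when a request arrives, a repository with a missing or fully commented-out file is still served with svnserve's built-in defaults. The sketch below reports which repositories would allow anonymous access in that case. It assumes the documented `[general]` defaults `anon-access = read` and `auth-access = write`, ignores authz rules, and its helper names and sample repositories are constructed for illustration.

```python
import configparser
import os
import tempfile

# svnserve's built-in [general] defaults (assumption stated in the lead-in),
# used for any unset key or when conf/svnserve.conf does not exist at all.
DEFAULTS = {"anon-access": "read", "auth-access": "write"}

def effective_access(repo_path):
    """Return the access svnserve would grant for one repository."""
    conf = os.path.join(repo_path, "conf", "svnserve.conf")
    result = dict(DEFAULTS, source="built-in defaults (no file)")
    if not os.path.isfile(conf):
        return result
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read(conf)
    result["source"] = "svnserve.conf"
    if parser.has_section("general"):
        for key in DEFAULTS:
            if parser.has_option("general", key):
                result[key] = parser.get("general", key).strip().lower()
    return result

def findings(repo_paths):
    """List repositories that anonymous network clients could read or write."""
    checked = [(p, effective_access(p)) for p in repo_paths]
    return [(p, a) for p, a in checked if a["anon-access"] != "none"]

def make_repo(root, name, conf_text=None):
    """Build a constructed repository skeleton for the demo (not a real repo)."""
    path = os.path.join(root, name)
    os.makedirs(os.path.join(path, "conf"))
    if conf_text is not None:
        with open(os.path.join(path, "conf", "svnserve.conf"), "w") as fh:
            fh.write(conf_text)
    return path

def demo():
    """Audit three constructed repositories: no file, template only, locked down."""
    template = "[general]\n# anon-access = read\n# auth-access = write\n"
    locked = "[general]\nanon-access = none\nauth-access = write\n"
    with tempfile.TemporaryDirectory() as root:
        repos = [make_repo(root, "no-conf"),
                 make_repo(root, "template", template),
                 make_repo(root, "locked", locked)]
        return [(os.path.basename(p), a["anon-access"]) for p, a in findings(repos)]

if __name__ == "__main__":
    for name, anon in demo():
        print(f"{name}: anonymous {anon} access if served")
```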