On Tue, Dec 28, 2010 at 12:11:47PM -0500, Nico Kadel-Garcia wrote:
> As Stefan pointes out elsewhere, svnserve will run without an
> svnserve.conf. Perhaps it *shouldn't*, and the default svnserve.conf
> should be published as svnserve.conf.tmpl? That would force manual
> enabling of a service that should not be available by default.
svnserve reads the repository's svnserve.conf file when it receives
a client request concerning this repository. In other words, there is
nothing we can do in the repository-specific svnserve.conf file to prevent
svnserve from starting in the first place.
Also, I don't understand how starting svnserve would help an attacker
since to start svnserve the attacker would already need access to
Users with shell access to the system can of course run their own
svnserve instance on an unprivileged port (and svnserve runs on an
unprivileged port by default).
There is no way to prevent this. The user might even copy an svnserve
binary from a remote system and run it.
But the same is true for any other network daemon that can be run on
an unprivileged port.
Received on 2010-12-28 18:24:59 CET