Re: tools/examples/svnserve-sgid.c has serious security hole

From: Eric Gillespie <epg_at_pretzelnet.org>
Date: 2006-08-18 02:13:58 CEST

Max Bowsher <maxb1@ukf.net> writes:

> tools/examples/svnserve-sgid.c is a wrapper that arranges to execute
> svnserve with a changed real and effective gid.
>
> Problem: It does not sanitize args at all.
>
> This means that someone can use --tunnel-user to:
> * lie about their identity
> * bypass authz rules
>
> Ouch.

This is for svn+ssh use, where either of two things is true:

1) You have a shell on the host and can run svnserve with any
arguments you like.

2) You do not have a shell on the host, and the administrator
controls the svnserve arguments in the authorized_keys file.

-- 
Eric Gillespie <*> epg@pretzelnet.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Fri Aug 18 02:15:34 2006

This message: [ Message body ]
Next message: C. Michael Pilato: "Re: maintaining a list of svn: revprops"
Previous message: Garrett Rooney: "Re: [PATCH] Client-side Cyrus SASL support"
In reply to: Max Bowsher: "tools/examples/svnserve-sgid.c has *serious* security hole"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

Re: tools/examples/svnserve-sgid.c has *serious* security hole

Re: tools/examples/svnserve-sgid.c has serious security hole