Re: [HCoop-Discuss] SVN security issues

From: Karl Chen <quarl_at_cs.berkeley.edu>
Date: 2006-11-06 11:25:59 CET

>>>>> On 2006-11-06 02:09 PST, Marcus Rueckert writes:

    Marcus> 1. you cant setuid scripts. it would need to be a
    Marcus> binary.
    Marcus> 2. you can have a small script that calls the user
    Marcus> script with sudo e.g. that way you wouldnt need
    Marcus> any stating.

    Marcus> anyway. i would recommend to review any user script
    Marcus> anyway. and only allow the admin team to place new
    Marcus> scripts. no matter if they run as user or not. The
    Marcus> users can do still bad stuff to your server.

Hi Marcus, I may have been unclear, but the issue is www-data not
trusting the user, not that the user wants to run the script as
himself.

You are right that Linux does not allow setuid shebang scripts and
that one solution to that issue is to use sudo, however this does
not solve the issue of not trusting the user.

On this server, all users have regular shell accounts so running
the hook under the user account is OK.

-- 
Karl 2006-11-06 02:21
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Mon Nov 6 11:26:11 2006

This message: [ Message body ]
Next message: Marcus Rueckert: "Re: [HCoop-Discuss] SVN security issues"
Previous message: Marcus Rueckert: "Re: [HCoop-Discuss] SVN security issues"
In reply to: Marcus Rueckert: "Re: [HCoop-Discuss] SVN security issues"
Next in thread: Marcus Rueckert: "Re: [HCoop-Discuss] SVN security issues"
Reply: Marcus Rueckert: "Re: [HCoop-Discuss] SVN security issues"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]