Re: [PATCH] svnserve dropping root privileges

From: Martin von Gagern <Martin.vGagern_at_gmx.net>
Date: 2007-01-18 14:43:32 CET

Malcolm Rowe wrote:
> I completely agree with the general comments here, but there's one
> important point I think you're missing: svnserve doesn't need to be root
> to grab any of its resources. You can run it in a chroot now, and just
> start it as the user it should be running as.

To start svnserve you need access to the binary. If there is some
security problem, it might just be possible for some malformed commit to
modify this binary, which could lead to other problems. On the otherhand
if you could start svnserve outside as root and then chroot and drop
privileges in the same process, you wouldn't need the binary inside the
chroot.

I know this scenario is a bit far-fetched, but not far enough to
invalidate the request. I'm a friend of chroots with only data,
preferrably on some noexec-mounted device.

Greetings,
Martin

application/pgp-signature attachment: OpenPGP digital signature

Received on Thu Jan 18 14:44:00 2007

This message: [ Message body ]
Next message: Trent Nelson: "RE: Extend svn:externals to support files (issue 937)"
Previous message: D.J. Heap: "Re: Subversion 1.4.3 tarballs up for testing/signing"
In reply to: Malcolm Rowe: "Re: [PATCH] svnserve dropping root privileges"
Next in thread: Malcolm Rowe: "Re: [PATCH] svnserve dropping root privileges"
Reply: Malcolm Rowe: "Re: [PATCH] svnserve dropping root privileges"
Reply: Max Bowsher: "Re: [PATCH] svnserve dropping root privileges"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]