[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] svnserve dropping root privileges

From: Martin von Gagern <Martin.vGagern_at_gmx.net>
Date: 2007-01-18 14:43:32 CET

Malcolm Rowe wrote:
> I completely agree with the general comments here, but there's one
> important point I think you're missing: svnserve doesn't need to be root
> to grab any of its resources. You can run it in a chroot now, and just
> start it as the user it should be running as.

To start svnserve you need access to the binary. If there is some
security problem, it might just be possible for some malformed commit to
modify this binary, which could lead to other problems. On the otherhand
if you could start svnserve outside as root and then chroot and drop
privileges in the same process, you wouldn't need the binary inside the
chroot.

I know this scenario is a bit far-fetched, but not far enough to
invalidate the request. I'm a friend of chroots with only data,
preferrably on some noexec-mounted device.

Greetings,
 Martin

Received on Thu Jan 18 14:44:00 2007

This is an archived mail posted to the Subversion Dev mailing list.