Re: [PATCH] svnserve dropping root privileges
Martin von Gagern wrote:
> To start svnserve you need access to the binary. If there is some
> security problem, it might just be possible for some malformed commit to
> modify this binary, which could lead to other problems. On the otherhand
> if you could start svnserve outside as root and then chroot and drop
> privileges in the same process, you wouldn't need the binary inside the
> I know this scenario is a bit far-fetched, but not far enough to
> invalidate the request.
This scenario isn't just far-fetched - it's actually wrong. You do *NOT*
need write access to the binary to start it.
Received on Sat Jan 20 12:22:58 2007
This is an archived mail posted to the Subversion Dev