[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [RFC] svn+ssh and authz: alternate method via a simple setuid svnserve wrapper

From: Richard Hansen <rhansen_at_bbn.com>
Date: Sat, 12 Apr 2008 14:10:20 -0400

Daniel Shahaf wrote:
> Richard Hansen <rhansen_at_bbn.com> writes:
>> Our solution: In a nutshell, the wrapper execs "/path/to/svnserve -t
>> --tunnel-user=<user_that_executed_the_wrapper>". This wrapper is meant
>> to be installed with the setuid bit set and owned by the user who has
>> read/write access to the repository database files ('svn'). Thus, when
>> user 'foo' executes the wrapper, the wrapper runs "/path/to/svnserve -t
>> --tunnel-user=foo" as user 'svn'. Thus, user 'foo' does not need
>> read/write access to the repository files, making it harder to bypass
>> the path-based access controls. The wrapper uses the getlogin() and
>> getpwuid(getuid()) POSIX functions to fetch the username of the user
>> that started the wrapper.
> Richard, are you still interested in contributing your wrapper? If so,
> could you please post it.

Yes, I still plan on contributing the wrapper. My company needs to
finish reviewing it (for copyright issues, obvious security bugs, etc.)
before I can post it. I expect to be able to post it some time next week.


To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-12 20:10:35 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.