Richard Hansen wrote on Sat, 12 Apr 2008 at 14:10 -0400:
> Daniel Shahaf wrote:
> > Richard Hansen <rhansen_at_bbn.com> writes:
> > > Our solution: In a nutshell, the wrapper execs "/path/to/svnserve -t
> > > --tunnel-user=<user_that_executed_the_wrapper>". This wrapper is meant to
> > > be installed with the setuid bit set and owned by the user who has
> > > read/write access to the repository database files ('svn'). Thus, when
> > > user 'foo' executes the wrapper, the wrapper runs "/path/to/svnserve -t
> > > --tunnel-user=foo" as user 'svn'. Thus, user 'foo' does not need
> > > read/write access to the repository files, making it harder to bypass the
> > > path-based access controls. The wrapper uses the getlogin() and
> > > getpwuid(getuid()) POSIX functions to fetch the username of the user that
> > > started the wrapper.
> >
> > Richard, are you still interested in contributing your wrapper? If so,
> > could you please post it.
>
> Yes, I still plan on contributing the wrapper. My company needs to finish
> reviewing it (for copyright issues, obvious security bugs, etc.) before I can
> post it. I expect to be able to post it some time next week.
>
Thanks for the update, Richard.
Daniel
Received on 2008-04-12 20:22:50 CEST