[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Bug: svnserve fail to detect it is already running

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: Fri, 09 Jul 2010 16:50:58 -0400

On Fri, 2010-07-09 at 12:45 -0400, Stefan Sperling wrote:
> It's the older Windows systems that will still have problems,
> and I don't think we should be ignoring them (as much as I'd love
> it if everyone just ditched Windows for good).

Is this really a concern on Windows systems? This is basically a
privilege escalation attack, and my understanding is that privilege
separation is rarely used to great effect on Windows servers like it
often is on Unix (such as web hosts).

Put another way: is there really a situation where malware is running on
the same Windows server as an svnserve process where security is not
already irretrievably compromised?
Received on 2010-07-09 22:52:14 CEST

This is an archived mail posted to the Subversion Dev mailing list.