[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: "Flaw" revisited (was: Bug? FSFS revision control)

From: Toby Johnson <toby_at_etjohnson.us>
Date: 2005-01-31 16:30:34 CET

Ryan Schmidt wrote:

> The concern is that if the repository is owned by the apache user,
> then anything running on the web server could modify the repository
> (that is, modify/corrupt/delete the repository files directly). We use
> Apache as a regular web server already, serving web pages for dozens
> of projects, some programmed by us and some not. What if one of these
> projects has a security flaw that allows arbitrary command execution
> as the apache user (such as the recent phpBB bug)?

This is, of course, why web admins such as you make the big bucks. :) As
with most everything else, there is no cut-and-dried solution, but you
must assess your own situation and decide what risks you are willing to
take and whether mitigating those risks is worth the effort or constraints.

You are correct in your assessment of the risks in running everything on
the same Apache server. This is not unique to Subversion, but any
situation where many services are provided using a single username.
Sure, this is terribly convenient, but there are definitely risks. In
this case, it probably boils down to how much you trust/distrust these
other users.

If you are running a public web hosting company, then I would be very
hesitant to even let different users make use of the same Apache
instance, much less your SVN repository. If these other users are
employees of your company, then you can probably be a bit more relaxed
and assume that none of them are going to try to take down your SVN repo
(and besides, you make regular backups anyway). But this picture changes
even more if you store confidential information in your repo. In that
case, even read-only backdoor access could be a big problem (and a legal
liability).

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Jan 31 16:33:02 2005

This is an archived mail posted to the Subversion Users mailing list.