Chris Jensen wrote:
> Hi Dirk,
> I've not much experience with chrooting things, so I can't say much
> about here about how to do it, but here's some other things to think
>> I searched around but did not find any clear advice. Can it be done?
>> Should I better user Apache 2, perhaps also because svnserve cannot
>> deal with IPv6 adresses?
Meanwhile I searched some more... This has turned out to be the 2nd
problem, the first one is wheter svnserver supports IPv6 adresses or
not. Meanwhile, I suspect ist does not and if that's true, I must
use apache instead of svnserve anyway. I found some descriptions about
how to chroot apache2 in the net.
> It depends what why you want to chroot. If you simply don't want to give
> svn users general access to everything via ssh, then apache or chroot
> are both fine ways to do that. (You may also want to check out
> "restricted shell" or rssh which can limit the commands users make over
My intention was to keep a hacker as restricted as possible, if he/she
manages to get into the system via svnserve. Ssh would require to create
user accounts and I don't know about apache yet.
Being rather new to all this, it seemed to me that svnserve could be
safer than apache, because it serves exactly one thing, access to a
subversion repository. And the setup is simpler. I also liked the
authentication mechanisms better. But meanwhile I'm not so convinced
anymore... maybe apache is safer...
> If you're worried about problems with buffer overflows or the like being
> used to gain access to the system via the service, then you still run
> that risk with Apache and if the svn server is holding other sensitive
> data that you don't want svn users to get at, then you should be
> chrooting Apache2 too.
Exactly. That's what I'm concerned about. And yes, if apache2 will be used
as a server for subversion, it will be chrooted.
I was hoping that someone on the mailing list has experience with chrooting
svnserve and can give me a few hints.
Anyway, thank you very much, Chris
To unsubscribe, e-mail: firstname.lastname@example.org
For additional commands, e-mail: email@example.com
Received on Wed Mar 2 00:54:43 2005