
Re: [LINUX] How to launch svnserve process with another user than 'root' ?

From: Tuncer Ayaz <tuncer.ayaz_at_gmail.com>
Date: 2006-08-30 22:15:01 CEST

On 8/30/06, Steve Fairhead <steve@fivetrees.com> wrote:
> Jim Weir asked:
> >> Is running svn as 'root' a security risk? <<
>
> (From context, you're talking server-side.)
>
> In terms of general Unix security, yes. It's unwise to give any user or
> process more permissions than needed for the job in hand. (Very condensed
> version of several tomes on Unix security.)
>
> Consider: dog forbid that there should be a buffer overflow bug in svnserve.
> A cracker could then craft an attack vector, and take over your box, as
> root. All your bases are belong to them, as they say.
>
> I'm generalising hugely and necessarily; but it's pretty easy to adduser an
> svn or svnowner, and to chown the repository. System security is only as
> good as its weakest link, and that's often the administrator.

When I posted my last reply I did not see your message. There seems to be a delay
somewhere in either Google's MXens or tigris.org mailing list server(s).
Any opinions?

Received on Wed Aug 30 23:03:04 2006
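
As an added example (not part of the original posts or of the Subversion project), these shell helpers check the two things the quoted advice turns on: whether any svnserve process still runs as root, and whether everything in the repository belongs to the dedicated account. The account name `svn`, the path `/srv/svn` and the sample process list are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit helpers for running svnserve as a dedicated user.
# The account "svn" and the path /srv/svn are assumptions, not from the thread.

# Constructed sample of `ps -eo user=,pid=,args=` output (not from a real host).
SAMPLE_PS='root      1042 /usr/bin/svnserve -d -r /srv/svn
svn       2210 /usr/bin/svnserve -d -r /srv/svn
root      2291 grep svnserve
alice     3300 vim svnserve.conf'

# Print "PID USER" for every svnserve process that runs as root.
# Reads `ps -eo user=,pid=,args=` style lines on stdin and matches on the
# basename of the executable, so "grep svnserve" or an editor is not reported.
svnserve_as_root() {
    awk '$1 == "root" {
             n = split($3, parts, "/")
             if (parts[n] == "svnserve") print $2, $1
         }'
}

# Print every path under repository $1 that is not owned by user $2
# (name or numeric uid). Leftover root-owned files are the usual reason a
# repository stops accepting commits after the server is moved off root.
repo_foreign_files() {
    find "$1" ! -user "$2" -print
}

# Demo on the constructed sample; prints "1042 root".
printf '%s\n' "$SAMPLE_PS" | svnserve_as_root

# Live use on a server:
#   ps -eo user=,pid=,args= | svnserve_as_root
#   repo_foreign_files /srv/svn svn
```

Empty output from both helpers means no svnserve process is running as root and the repository is fully owned by the service account.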

This is an archived mail posted to the Subversion Users mailing list.
