Stefan Sperling wrote on Thu, Dec 30, 2010 at 15:48:16 +0100:
> On Thu, Dec 30, 2010 at 03:32:01PM +0100, Stefan Sperling wrote:
> > On Thu, Dec 30, 2010 at 03:29:11PM +0100, Stefan Sperling wrote:
> > > create-svn-repos.sh:
> > > #!/bin/sh
> > > svnadmin create $1
> > > rm -f $1/conf/svnserve.conf
> >
> > Of course, you would also need to delete svnserve from the system
> > and somehow make sure that no local user can compile their own
> > svnserve binary or copy one from another system.
>
> An even better solution would be to make sure that no normal user
> on the system has read access to any of the repositories.
>
> Well, I guess there are many ways to achieve this, and some caveats.
>
> It would be nice if the outcome of this thread was a document detailing
> requirements and solutions for a secure, apache-only subversion setup
> on a unix system.
Patch the kernel and sshd to look for ra_svn greeting being on every new
network socket and ssh command?
Anyway: what is the attack being prevented here? I gather that for some
reason just saying "The admin won't install svnserve" isn't good enough.
> Employing standard security tricks like a non-privileged
> user jailed in a chroot would be a plus.
> Does someone have the time and energy to put something like this together?
> I would be glad to do review, and help if necessary.
>
> We could then refer to it from the book or even integrate it in the book
> in part or in whole if the author gives permission to license them
> under the Creative Commons Attribution License v2.0.
>
> A similar document for svnserve would also be interesting.
>
> Oh, and if someone has the knowledge of how to do something like
> this on Windows (if that can be considered "secure" in the first place),
> that would also be interesting. But I'm afraid I wouldn't be able to
> help with that.
>
> Stefan
Received on 2010-12-30 16:06:23 CET