Re: svnadmin create and not being method agnostic

From: Stefan Sperling <stsp_at_elego.de>
Date: Thu, 30 Dec 2010 16:16:38 +0100

On Thu, Dec 30, 2010 at 05:02:55PM +0200, Daniel Shahaf wrote:
> Stefan Sperling wrote on Thu, Dec 30, 2010 at 15:48:16 +0100:
> > It would be nice if the outcome of this thread was a document detailing
> > requirements and solutions for a secure, apache-only subversion setup
> > on a unix system.
>
> Patch the kernel and sshd to look for ra_svn greeting being on every new
> network socket and ssh command?

Heh. No way, having the kernel peep into packets like that would be a severe
layering violation! :)

> Anyway: what is the attack being prevented here? I gather that for some
> reason just saying "The admin won't install svnserve" isn't good enough.

Yes, that's why any such document should detail requirements.
It should be clear what is being protected, and why.
It should also be clear what is not being protected, and why.

Stefan
Received on 2010-12-30 16:17:32 CET

This message: [ Message body ]
Next message: Daniel Shahaf: "Re: File Obstructed by Symbolic Link Prevents Submitting Unrelated Changelists"
Previous message: Daniel Shahaf: "Re: svnadmin create and not being method agnostic"
In reply to: Daniel Shahaf: "Re: svnadmin create and not being method agnostic"
Next in thread: Bob Archer: "RE: svnadmin create and not being method agnostic"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]