[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnadmin create and not being method agnostic

From: Stefan Sperling <stsp_at_elego.de>
Date: Thu, 30 Dec 2010 16:16:38 +0100

On Thu, Dec 30, 2010 at 05:02:55PM +0200, Daniel Shahaf wrote:
> Stefan Sperling wrote on Thu, Dec 30, 2010 at 15:48:16 +0100:
> > It would be nice if the outcome of this thread was a document detailing
> > requirements and solutions for a secure, apache-only subversion setup
> > on a unix system.
> Patch the kernel and sshd to look for ra_svn greeting being on every new
> network socket and ssh command?

Heh. No way, having the kernel peep into packets like that would be a severe
layering violation! :)

> Anyway: what is the attack being prevented here? I gather that for some
> reason just saying "The admin won't install svnserve" isn't good enough.

Yes, that's why any such document should detail requirements.
It should be clear what is being protected, and why.
It should also be clear what is not being protected, and why.

Received on 2010-12-30 16:17:32 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.