
Re: svnadmin create and not being method agnostic

From: David Brodbeck <brodbd_at_uw.edu>
Date: Wed, 5 Jan 2011 10:59:59 -0800

On Tue, Jan 4, 2011 at 6:31 PM, Nico Kadel-Garcia <nkadel_at_gmail.com> wrote:

> It's *too* easy. Since the default svnserve.conf is very permissive,
> and because default svnserve is on an unprivileged port so any user
> can serve anyone else's "readable" repository to outside access,
> without the original author's knowledge or explicit consent.

Maybe I'm missing something here, but if someone has the ability to log into
the server, read the repository, and run arbitrary processes...can't they
just make a copy of the repository, create their own svnserve.conf in the
copy, and then do exactly the same thing? I'm not sure you're improving
your security as much as you think you are just by removing svnserve.conf.
Even removing the svnserve binary won't necessarily help if users have
access to build tools.

If you're really worried about rogue users distributing files in violation
of company policy, you're going to have to keep them off the server, at a
minimum. That doesn't solve the problem either -- you then have to start
worrying about what they do with their working copies -- but it prevents
them from running their own rogue Subversion servers, at least.

-- 
David Brodbeck
System Administrator, Linguistics
University of Washington
Received on 2011-01-05 20:00:40 CET
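As an added, defender-side example (not code from this thread or from the Subversion project), the following Python script audits the two conditions the exchange above turns on: a permissive `anon-access` in a repository's `conf/svnserve.conf`, and a repository directory that other local users can read, which is what lets them copy it and serve it under their own svnserve.conf. It assumes the standard `svnadmin create` layout (a `conf/` and a `db/` subdirectory per repository) and constructs two toy layouts in a temporary directory rather than running `svnadmin`; the repository names and config contents are made up for the demo.

```python
"""Audit Subversion repositories for a permissive svnserve.conf and for
directory modes that let other local users copy and re-serve them.
Added example for this archived thread; not Subversion project code."""
import configparser
import os
import stat
import tempfile

# svnserve's built-in defaults, which apply when the keys are left commented
# out as in the stock svnserve.conf written by `svnadmin create`.
DEFAULT_ANON_ACCESS = "read"
DEFAULT_AUTH_ACCESS = "write"


def read_svnserve_conf(path):
    """Return the effective (anon-access, auth-access) pair for one svnserve.conf."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read(path)
    anon = cp.get("general", "anon-access", fallback=DEFAULT_ANON_ACCESS)
    auth = cp.get("general", "auth-access", fallback=DEFAULT_AUTH_ACCESS)
    return anon.strip().lower(), auth.strip().lower()


def audit_repository(repo_dir):
    """Return a list of human-readable findings for one repository directory."""
    findings = []
    conf = os.path.join(repo_dir, "conf", "svnserve.conf")
    if os.path.isfile(conf):
        try:
            anon, _auth = read_svnserve_conf(conf)
        except configparser.Error as exc:
            findings.append(f"svnserve.conf unparseable: {exc}")
        else:
            if anon != "none":
                findings.append(
                    f"anon-access = {anon}: unauthenticated svnserve clients get {anon} access")
    else:
        findings.append(
            "svnserve.conf absent: no access policy recorded here; its absence is not a control")

    # The filesystem is the real boundary: a repository other local users can
    # read can be copied and served under a svnserve.conf they control.
    mode = stat.S_IMODE(os.stat(repo_dir).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(
            f"directory mode {mode:04o} is group/world readable: "
            "other local users can copy and re-serve it")
    return findings


def audit_repositories(parent_dir):
    """Audit every subdirectory of parent_dir that looks like a repository (has conf/ and db/)."""
    report = {}
    for name in sorted(os.listdir(parent_dir)):
        repo = os.path.join(parent_dir, name)
        if os.path.isdir(os.path.join(repo, "conf")) and os.path.isdir(os.path.join(repo, "db")):
            report[name] = audit_repository(repo)
    return report


def build_demo_and_audit():
    """Construct two toy repository layouts (constructed, not real svnadmin output) and audit them."""
    parent = tempfile.mkdtemp(prefix="svnaudit-")
    layouts = {
        # Stock-style config (keys commented out) on a world-readable directory.
        "open": ("[general]\n# anon-access = read\n# auth-access = write\n", 0o755),
        # Explicitly locked down, on a directory only the owner can enter.
        "locked": ("[general]\nanon-access = none\nauth-access = write\n", 0o700),
    }
    for name, (conf_text, mode) in layouts.items():
        repo = os.path.join(parent, name)
        os.makedirs(os.path.join(repo, "conf"))
        os.makedirs(os.path.join(repo, "db"))
        with open(os.path.join(repo, "conf", "svnserve.conf"), "w") as fh:
            fh.write(conf_text)
        os.chmod(repo, mode)  # set explicitly so the umask does not decide the outcome
    return audit_repositories(parent)


if __name__ == "__main__":
    for repo, findings in build_demo_and_audit().items():
        print(repo, "->", findings or ["no findings"])
```

Run against a real repository parent (for example `audit_repositories("/srv/svn")`) the script reports, per repository, whether svnserve would grant anonymous access and whether the directory mode already hands the content to every local account; as the reply points out, only the second finding marks a boundary that removing or editing svnserve.conf does not move.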

This is an archived mail posted to the Subversion Users mailing list.
