[scponly] svn support in scponly is unsafe
Kaleb Pederson
kibab at icehouse.net
Tue Sep 4 16:38:38 EDT 2007
Hello,
If you are familiar with rsync and unison and use them with scponly, please
take a look at the comments at the bottom of the bug report and test with the
latest CVS -- specifically options that use configuration files that can't be
identified on the command line. I had trouble finding adequate documentation
on unison, so testing in that area is appreciated.
Aside from specifying which commands might have the right to execute by using
an LD_PRELOAD mechanism, I'm not sure if there is much that can be done.
We have fairly recently refined the rsync support to disallow starting it as a
daemon, and a few other things that could also cause problems, so I believe
it won't accept a config file on the command line, etc., and I believe it to
be safe at this point.
Furthermore, in light of comments on the debian list, I just
disallowed --editor-cmd, --diff-cmd, and --config-dir... but that still
doesn't help with the editor cmd and diff cmd being specified in config
files.
As far as we know, a system secured using the practices set forth in the
security guide will be secure. If there are other best practices that can be
added to it, or you have other suggestions and/or comments, please let us
know.
Thanks.
--Kaleb
On Tuesday 04 September 2007, Joachim Breitner wrote:
> Hi,
>
> please read through:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148
>
> Basically: Allowing svn or svnserve is unsafe.
>
> Greetings,
> Joachim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20070904/09aa9a96/attachment.bin
More information about the scponly
mailing list