[HCoop-Discuss] Subversion security issue
Adam Chlipala
adamc at hcoop.net
Fri Nov 3 11:23:35 EST 2006
A member has found a security hole in the one shared method that we have
for serving Subversion repositories, Apache's mod_dav_svn. Without
going into detail, with our current configuration, any member can run
any program as www-data. There might be a fix for this particular
problem, but mod_dav_svn was already dodgy for running as www-data and
so encouraging users to make their repositories world-writable to allow
commits.
I'm proposing that we discontinue all shared support for Subversion
serving. Letting members run programs anonymously is too huge a
security hole, as evidenced by a past break-in (before we banned
www-data execution) that left us with an extra $100 bandwidth bill that
we had no idea who to charge to for weeks. This seems unfortunate, but
I don't see any alternative unless we develop our own Subversion
software designed to work in environments of mutually-untrusting users.
Does anyone know of such a package, preferably available in Debian
testing?
More information about the HCoop-Discuss
mailing list