[HCoop-Discuss] Subversion security issue

Paul Anderson wackyvorlon at gmail.com
Fri Nov 3 13:22:20 EST 2006


On 11/3/06, Adam Chlipala <adamc at hcoop.net> wrote:
>
> I'm proposing that we discontinue all shared support for Subversion
> serving.  Letting members run programs anonymously is too huge a
> security hole, as evidenced by a past break-in (before we banned
> www-data execution) that left us with an extra $100 bandwidth bill that
> we had no idea who to charge to for weeks.
>
svnserve might be helpful:
http://svnbook.red-bean.com/nightly/en/svn.serverconfig.svnserve.html

It appears svnserve can be run in tunnel mode, using -t, and it can
tunnel over an ssh connection.  In this configuration, it will be run
as the owner of the repository.  There are other capabilities it has
that may be useful, although I've not yet fully explored them.

-- 
Paul Anderson
VE3HOP
wackyvorlon at gmail.com
http://www.oldschoolhacker.com
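
An added example, not part of the message above or of HCoop's configuration: one way to build an `authorized_keys` entry that pins a member's SSH key to `svnserve -t`, so the key cannot be used for a shell or for forwarding. The function name, the `/srv/svn/...` path, the member-name rules and the sample key are assumptions made for illustration.

```shell
#!/bin/sh
# Build one authorized_keys entry that limits an SSH key to Subversion access
# through "svnserve -t" (tunnel mode). svnserve then runs under the account
# whose authorized_keys file holds the entry.
# Assumptions (not from the original post): member names are lowercase
# alphanumerics, and each member has a repository root directory.

svn_key_entry() {
    member=$1      # name recorded as the commit author (--tunnel-user)
    repo_root=$2   # virtual root handed to svnserve (-r)
    pubkey=$3      # public key line: "<type> <base64> [comment]"

    # Reject names that could break out of the quoted command string.
    case $member in
        ''|*[!a-z0-9_-]*) echo "bad member name" >&2; return 1 ;;
    esac
    # Require an absolute path with no quotes, spaces or ".." segments.
    case $repo_root in
        /*) ;;
        *) echo "repo root must be absolute" >&2; return 1 ;;
    esac
    case $repo_root in
        *[!A-Za-z0-9/._-]*|*..*) echo "bad repo root" >&2; return 1 ;;
    esac
    # A newline would let the caller smuggle in a second, unrestricted entry.
    case $pubkey in
        *'
'*) echo "key must be one line" >&2; return 1 ;;
    esac
    # The key must start with its type, so it cannot carry its own options.
    case $pubkey in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-nistp256\ *) ;;
        *) echo "unsupported key type" >&2; return 1 ;;
    esac

    printf 'command="svnserve -t -r %s --tunnel-user=%s",' "$repo_root" "$member"
    printf 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty %s\n' "$pubkey"
}

# Constructed sample key material, for demonstration only.
svn_key_entry alice /srv/svn/alice 'ssh-ed25519 AAAAC3constructed alice@example'
```

The forced `command=` means sshd ignores whatever command the client requests, and `-r` keeps the client from naming paths outside the given root.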



