[HCoop-Discuss] Subversion security issue
Omry Yadan
omry at yadan.net
Fri Nov 3 14:10:19 EST 2006
Paul Anderson wrote:
> On 11/3/06, Adam Chlipala <adamc at hcoop.net> wrote:
>
>> I'm proposing that we discontinue all shared support for Subversion
>> serving. Letting members run programs anonymously is too huge a
>> security hole, as evidenced by a past break-in (before we banned
>> www-data execution) that left us with an extra $100 bandwidth bill that
>> we had no idea who to charge to for weeks.
>>
>>
> svnserve might be helpful:
> http://svnbook.red-bean.com/nightly/en/svn.serverconfig.svnserve.html
>
> It appears svnserve can be run in tunnel mode, using -t, and it can
> tunnel over an ssh connection. In this configuration, it will be run
> as the owner of the repository. There are other capabilities it has
> that may be useful, although I've not yet fully explored them.
>
>
This is true - svnserve can run in tunnel mode over ssh, and also as a
standalone non-http server (port 3690 is the default port).
personally I like to run it under http because I noticed that my
download was much slower over svn:// protocol, probably due to traffic
shaping at rush hour on my ISP.
an alternative solution is to run a local apache as yourself, and proxy
to it from the shared one.
More information about the HCoop-Discuss
mailing list