[HCoop-Discuss] SVN security issues
Adam Chlipala
adamc at hcoop.net
Sat Nov 4 13:15:13 EST 2006
Shaun Kruger wrote:
>I just looked into the hook scripts. If they could be setup with
>setuid bit set they would take on the premissions of the user who owns
>the repository when they run. The next problem is how to force it to
>run setuid the owning user or not at all.
>
>
A bit of context: The security problem was that Apache would run
Subversion commit hook programs as www-data.
More information about the HCoop-Discuss
mailing list