[HCoop-Discuss] SVN security issues

Paul Anderson wackyvorlon at gmail.com
Sat Nov 4 16:30:50 EST 2006


On 11/4/06, Shaun Kruger <shaun.kruger at gmail.com> wrote:
>
> I just looked into the hook scripts.  If they could be set up with
> setuid bit set they would take on the permissions of the user who owns
> the repository when they run.
>
Would not anyone on the system be able to run those scripts, though?
They would need to have group www-data, and not be world executable.

Adam:  I hate to say it, but I'm starting to think that we really need
to implement ACLs here.  The UNIX permissions are great, but they're
just too coarse-grained for what we're doing.

-- 
Paul Anderson
VE3HOP
wackyvorlon at gmail.com
http://www.oldschoolhacker.com
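
An added example, not part of the original message: a POSIX shell check of a repository's hooks directory for the constraints raised in the thread (expected group such as www-data, no world-execute bit). The function name `audit_hooks`, the world-writable check and the note that Linux ignores setuid on `#!` scripts are additions made here; the directory and group are caller-supplied arguments.

```shell
#!/bin/sh
# Added example: audit a Subversion hooks directory.
# audit_hooks DIR GROUP
#   DIR   - hooks directory to inspect (caller-supplied)
#   GROUP - group the hooks are expected to belong to, e.g. www-data
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_hooks() {
    dir=$1
    grp=$2
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Skip the *.tmpl samples that "svnadmin create" installs; svn never runs them.
        case $f in *.tmpl) continue ;; esac

        # Field 4 of "ls -ld" is the owning group (POSIX long format).
        actual=$(ls -ld -- "$f" | awk '{print $4}')
        if [ "$actual" != "$grp" ]; then
            echo "$f: group is $actual, expected $grp"; bad=1
        fi
        # "Other" execute bit: any local user could run the hook directly.
        if [ -n "$(find "$f" -prune -perm -001)" ]; then
            echo "$f: world-executable"; bad=1
        fi
        # "Other" write bit: any local user could replace the hook's contents.
        if [ -n "$(find "$f" -prune -perm -002)" ]; then
            echo "$f: world-writable"; bad=1
        fi
        # Linux ignores setuid on interpreted (#!) scripts, so the bit
        # would not switch the hook to the repository owner's uid there.
        if [ -n "$(find "$f" -prune -perm -4000)" ]; then
            first=
            IFS= read -r first < "$f" || true
            case $first in
                '#!'*) echo "$f: setuid on a #! script (ignored by Linux)"; bad=1 ;;
            esac
        fi
    done
    return "$bad"
}
```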



