[HCoop-Discuss] SVN security issues

Karl Chen quarl at cs.berkeley.edu
Mon Nov 6 05:25:59 EST 2006


>>>>> On 2006-11-06 02:09 PST, Marcus Rueckert writes:

    Marcus> 1. you can't setuid scripts. it would need to be a
    Marcus>    binary.
    Marcus> 2. you can have a small script that calls the user
    Marcus>    script with sudo e.g.  that way you wouldn't need
    Marcus>    any stating.

    Marcus> anyway. i would recommend to review any user script
    Marcus> anyway. and only allow the admin team to place new
    Marcus> scripts. no matter if they run as user or not. The
    Marcus> users can still do bad stuff to your server.

Hi Marcus, I may have been unclear, but the issue is www-data not
trusting the user, not that the user wants to run the script as
himself.

You are right that Linux does not allow setuid shebang scripts and
that one solution to that issue is to use sudo; however, this does
not solve the issue of not trusting the user.

On this server, all users have regular shell accounts so running
the hook under the user account is OK.

-- 
Karl 2006-11-06 02:21



