[HCoop-Discuss] SVN security issues
Max Bowsher
maxb1 at ukf.net
Tue Nov 7 16:40:06 EST 2006
Karl Chen wrote:
>>>>>> On 2006-11-06 02:45 PST, Marcus Rueckert writes:
>
> Marcus> with my proposal the default hook script would be a
> Marcus> stub that calls the actual hook script with "sudo" so
> Marcus> the www-data part is pretty trivial. Shouldnt this
> Marcus> solve your issue?
>
> It is a workaround, but it requires that the repository be owned
> by root rather than the user, and for a number of reasons is more
> complicated than adding a configurable exec helper to Subversion.
I do not understand why a solution based on sudo forces root ownership.
IIRC, the problem scenario is that www-data needs to run hooks under the
UID of a human user? In that case, would it not be possible to give
www-data selective sudo access to run, say,
/repository/hooks/post-commit.body, and have
/repository/hooks/post-commit being a script which uses sudo to invoke
post-commit.body ?
Max.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 186 bytes
Desc: OpenPGP digital signature
Url : http://lists.hcoop.net/pipermail/hcoop-discuss/attachments/20061107/eeb4762b/attachment.pgp
More information about the HCoop-Discuss
mailing list