Follow-up Comment #5, sr #572 (project savane):
By server, I mean at least system.
The justification is simple: a server on which you provide shell accounts is
highly subject to crack attempts. If someday one of these attempts succeeds,
you'll have the main server compromised (so probably also the database), not
only a specific server running a specific service.
And if you provide www on the same system that hosts services like cvs, it
means that you'll have a lot of software installed on this system, not what
is strictly necessary for cvs, making the cracker's job easier. Also, if a hole
appears in Savane web interface or PHP, it would be quite annoying that it
may have any impact on repositories.
While I think it quite extreme to provide a chroot per project per SCM (high
cost in hard disk and memory usage, as I think there's no shared memory
benefits and alike), I think all distinct services should run on a specific
server / chroot, so it's easy to isolate possible compromise, easy to limit
compromise risks and consequences.
_______________________________________________________
Reply to this item at:
<http://gna.org/support/?func=detailitem&item_id=572>