severity 727122 normal
tags 727122 - security
thanks
Hi!
* Bastien ROUCARIÈS <[email protected]> [2013-10-22 15:01:59 CEST]:
> By default the gitolite3 install creates a test repo (see gitolite.conf)
> repo testing:
> RW+ = @all

That's right.

> This repository is writable by everyone and could lead to distant DoS
> (disk full).

No, it's not writable by everyone. It's writable by people whose keys
have been added. In that respect the testing repository is no different
an attack vector than any other repository you create for giving people
write access.

I agree that creating a testing repository might not be really useful
for the usual installations, and I guess most people have removed that
on their gitolite(3) installation, but that's no more a DoS attack vector
than any other "regular" repository you grant access to.

Enjoy,
Rhonda