Stefan Sperling wrote on Thu, Dec 30, 2010 at 15:48:16 +0100: > On Thu, Dec 30, 2010 at 03:32:01PM +0100, Stefan Sperling wrote: > > On Thu, Dec 30, 2010 at 03:29:11PM +0100, Stefan Sperling wrote: > > > create-svn-repos.sh: > > > #!/bin/sh > > > svnadmin create $1 > > > rm -f $1/conf/svnserve.conf > > > > Of course, you would also need to delete svnserve from the system > > and somehow make sure that no local user can compile their own > > svnserve binary or copy one from another system. > > An even better solution would be to make sure that no normal user > on the system has read access to any of the repositories. > > Well, I guess there are many ways to achieve this, and some caveats. > > It would be nice if the outcome of this thread was a document detailing > requirements and solutions for a secure, apache-only subversion setup > on a unix system.
Patch the kernel and sshd to look for ra_svn greeting being on every new network socket and ssh command? Anyway: what is the attack being prevented here? I gather that for some reason just saying "The admin won't install svnserve" isn't good enough. > Employing standard security tricks like a non-privileged > user jailed in a chroot would be a plus. > Does someone have the time and energy to put something like this together? > I would be glad to do review, and help if necessary. > > We could then refer to it from the book or even integrate it in the book > in part or in whole if the author gives permission to license them > under the Creative Commons Attribution License v2.0. > > A similar document for svnserve would also be interesting. > > Oh, and if someone has the knowledge of how to do something like > this on Windows (if that can be considered "secure" in the first place), > that would also be interesting. But I'm afraid I wouldn't be able to > help with that. > > Stefan