On Tue, Jan 4, 2011 at 6:31 PM, Nico Kadel-Garcia <nka...@gmail.com> wrote:
> It's *too* easy. Since the default svnserve.conf is very permissive, > and because default svnserve is on an unprivileged port so any user > can serve anyone else's "readable" repository to outside access, > without the original author's knowledge or explicit consent. Maybe I'm missing something here, but if someone has the ability to log into the server, read the repository, and run arbitrary processes...can't they just make a copy of the repository, create their own svnserve.conf in the copy, and then do exactly the same thing? I'm not sure you're improving your security as much as you think you are just by removing svnserve.conf. Even removing the svnserve binary won't necessarily help if users have access to build tools. If you're really worried about rogue users distributing files in violation of company policy, you're going to have to keep them off the server, at a minimum. That doesn't solve the problem either -- you then have to start worrying about what they do with their working copies -- but it prevents them from running their own rogue Subversion servers, at least. -- David Brodbeck System Administrator, Linguistics University of Washington
