On Fri, 2005-07-29 at 17:19, "Martin v. Löwis" wrote:
I believe this alone either won't work or won't be good enough (not sure which one): If you have /bin/false as login shell, and still manage to invoke /usr/bin/svnserve remotely, you can likely also invoke /usr/bin/cat /etc/passwd remotely (or download and build the root exploit via ssh).
So you would have to restrict the set of valid programs to *only* svnserve. This is possible, but difficult to manage (AFAIK).
I think that's basically right.
- on Linux, my issue is that .subversion is on NFS, so any root user in our net can connect to the file. Therefore, I copy the .p12 file to /tmp/private_dir, and remove the passphrase there. No other machine can read the file (as /tmp is not exported), and the file goes away after machine shutdown at the latest (as tmp is cleaned on reboot).
I don't think that's true on all Linuxes though (or even all *nixes).
-Barry
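An added example, not part of the original thread: one way to restrict an account's keys to *only* svnserve is an OpenSSH forced command in `authorized_keys`, and the sketch below audits such a file for entries that are not pinned that way. The forced-command approach is an assumption the thread does not name; the function names and the sample entries are constructed for illustration.

```python
import re
import shlex

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")   # a line starting like this has no options
NO_OPTS = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}

def tokens(s, seps):
    """Split s on separator characters that sit outside double-quoted values."""
    return re.findall(r'(?:[^%s"]|"(?:\\.|[^"\\])*")+' % seps, s)

def audit_line(line):
    """Return the reasons one authorized_keys entry is not pinned to svnserve."""
    first = tokens(line, r"\s")[0]
    if first.startswith(KEY_PREFIXES):
        return ["no options: key can run any command"]
    opts = {}
    for item in tokens(first, ","):
        name, _, value = item.partition("=")
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1].replace('\\"', '"')
        opts[name.lower()] = value          # option names are case-insensitive
    cmd = opts.get("command", "")
    try:
        argv = shlex.split(cmd)
    except ValueError:                      # unbalanced quoting: treat as not pinned
        argv = []
    pinned = bool(argv) and argv[0].rsplit("/", 1)[-1] == "svnserve" and "-t" in argv
    problems = []
    # The forced command is handed to the user's shell, so metacharacters matter.
    if not pinned or any(ch in cmd for ch in ";|&`$<>()"):
        problems.append("forced command is not a plain 'svnserve -t'")
    if "restrict" not in opts and not NO_OPTS <= set(opts):
        problems.append("forwarding or pty not disabled")
    return problems

def audit(text):
    """Map line number -> problems for every key entry that fails the check."""
    report = {n: audit_line(l) for n, l in enumerate(text.splitlines(), 1)
              if l.strip() and not l.lstrip().startswith("#")}
    return {n: p for n, p in report.items() if p}

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = """\
command="/usr/bin/svnserve -t",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAAEXAMPLE1 alice
ssh-ed25519 AAAAEXAMPLE2 bob
command="/usr/bin/svnserve -t" ssh-rsa AAAAEXAMPLE3 carol
restrict,command="/bin/sh" ssh-rsa AAAAEXAMPLE4 dave
"""
```

Calling `audit(SAMPLE)` reports lines 2, 3 and 4 and leaves line 1 unflagged.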