Hi !
I’m using daemontools[1] to manage a few processes on my Debian box.
Among other things, I use it to manage svnserve, because it uses less
memory than Apache.
My /service/svnserve/run looks like this:
#!/bin/sh
su svn -c “/usr/local/bin/svnserve --foreground --daemon --root
/var/svn”
Is it safe for me to run like that ? If an attacker cracks svnserve,
what will they gain access to ? Since I su to svn, will the attacker
gain svn’s authorizations, or will they be able to gain root access ?
Thanks !
François Beausoleil
http://blog.teksol.info/
[1] http://cr.yp.to/daemontools.html
On Apr 12, 2006, at 6:02 PM, Francois B. wrote:
var/svn"
Is it safe for me to run like that ?
Only as safe as svnserve is.
If an attacker cracks svnserve, what will they gain access to ?
Whatever svnserve has access to.
Since I su to svn, will the attacker gain svn’s authorizations, or
will they be able to gain root access ?
They will gain svn’s authorizations. They will be able to gain root
access if there is a n exploitable local privilege escalation
vulnerability.
–
Eric H. - [email protected] - http://blog.segment7.net
This implementation is HODEL-HASH-9600 compliant
http://trackmap.robotcoop.com