SELinux Mailing List

Re: New Apache policy

From: Russell Coker <russell_at_coker.com.au>
Date: Tue, 29 Oct 2002 19:37:10 +0100


On Tue, 29 Oct 2002 18:45, Tom wrote:
> On Tue, Oct 29, 2002 at 12:09:30PM -0500, Stephen Smalley wrote:
> > > The main reason for giving the client tools a domain was to unify
> > > server and client access, i.e. set up the repository so that it can
> > > only be accessed by the proper tools. As with CVS, tampering directly
> > > with the repository will corrupt it.
> >
> > It would offer some limited integrity protection in terms of ensuring
> > that the transactions on the repository are well-formed (i.e. only
> > permitting transactions implemented via svn, svnlock, or svnadmin
> > commands). But it
>
> Correct. It protects from mistakes, not malicious intent.
>
> I still see the value in it, especially given that Subversion is still
> in development - who knows what kinds of access controls and other fine
> print the team might still add? Running in its own domain, the policy
> is ready for whatever they come up with.

I suggest that you contact the Subversion developers and ask their opinion on what the security policy should be. Of course we won't necessarily accept what they say, but it will be useful to get some input from them.

> Also, I may think about restricting _local_ access for these tools,
> because they are connecting outwards to potentially hacked and/or
> malicious servers.

True. Of course if you download, compile, and run code from a potentially hacked server then an exploit of a Subversion bug is the least of your worries...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


Received on Tue 29 Oct 2002 - 13:54:28 EST
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service