svn: svnserve in -t svn+ssh mode does not use config/authz access security
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
subversion (Ubuntu) | New | Undecided | Unassigned |
Bug Description
Binary package hint: subversion
In all versions of subversion.
Subversion offers various methods to access the repository, including the standard svn://, file:// and svn+ssh.
In svn+ssh access mode, when using ssh public keys (so svnserve -t), the config/authz access configuration of the SVN repository is ignored!
1. This can be surprising behaviour.
2. This (using only ssh unix user permissions) does not offer the same fine granularity as config/authz.
Especially if someone makes one unix user and uses pubkeys with --tunnel-user, so that all developers ssh into one unix account like svndevel@server and the svn user is selected depending on the ssh key used to log in.
In such a scenario it will not be possible at all to allow access to only given repos or to easily switch all configs around, other than by making new unix users and setting everything up the hard way.
This is not very clearly documented; this matter is not obvious even to experienced svn users, as I see from talking with a few over the last months.
Perhaps this can even be considered a security risk, because switching the access method suddenly and silently ignores the most obvious-to-use security config file (authz in the svn repo dir).
There is no workaround, even with scripting, because there is no READ-ACCESS hook, so you could only secure write accesses.
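The single-account svn+ssh layout the report describes (every developer keyed into one unix account, with svnserve's --tunnel-user picking the Subversion identity), written out as an added example that is not part of the bug report; the account, repository root, user names and key data are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the bug report: generate authorized_keys entries
# for the single-account svn+ssh layout the report describes. Every
# developer logs into one UNIX account (svndevel, a constructed name) and
# the ssh key decides the Subversion identity via svnserve --tunnel-user.
# svnserve -t, -r and --tunnel-user are real options; the repository root,
# user names and keys below are constructed placeholders.

SVN_REPO_ROOT=/srv/svn   # constructed path; -r keeps clients inside it

# authorized_keys_line SVN_USER PUBKEY
# Emits one forced-command line: the key may only run svnserve in tunnel
# mode as SVN_USER, and the usual ssh restrictions (no forwarding, no pty,
# no ~/.ssh/rc) keep the shared account from becoming a general shell.
authorized_keys_line() {
    svn_user=$1
    pubkey=$2
    printf 'command="svnserve -t -r %s --tunnel-user=%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty,no-user-rc %s\n' \
        "$SVN_REPO_ROOT" "$svn_user" "$pubkey"
}

# build_authorized_keys: reads "SVN_USER PUBKEY" lines on stdin (blank lines
# and # comments skipped) and writes the complete authorized_keys content.
build_authorized_keys() {
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        svn_user=${line%% *}
        pubkey=${line#* }
        authorized_keys_line "$svn_user" "$pubkey"
    done
}

# Constructed sample input: one developer per line, key data is fake.
sample_developers='# svn_user public_key
alice ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFakeKeyDataForAlice alice@example
bob ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFakeKeyDataForBob bob@example'

printf '%s\n' "$sample_developers" | build_authorized_keys
```

The output is what would go into the shared account's ~/.ssh/authorized_keys; each line binds one key to one svn identity and nothing else.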
visibility: private → public
Removed the security tag; I guess it will not be seen as clearly a security bug here anyway.