Thanks Florian, The following are now disabled for svn:
"editor-cmd", "diff-cmd", "diff3-cmd", (just added) "config-dir", The following are disabled for svnserve: "daemon", "listen-port", "listen-host", "foreground", "inetd", "threads", "listen-once", The following for rsync: "rsh", "daemon", "rsync-path", (this and below just added) "address", "port", "sockopts", "config", "no-detach", And the following for unison: "-rshcmd", "-sshcmd", "-servercmd", "-addversionno" (just added) Where documented, the respective short options for the above are disabled. I updated the security document to include the changes you recommend, and then a couple of others that come to mind. The latest version of the security document is available here: http://scponly.cvs.sourceforge.net/scponly/scponly/SECURITY?view=markup We'll continue to look at it and see if there is anything else that we missed. Thanks again for the help. --Kaleb On Thursday 06 September 2007, Florian Weimer wrote: > >> Furthermore, in light of comments on the debian list, I just > >> disallowed --editor-cmd, --diff-cmd, and --config-dir... but that still > >> doesn't help with the editor cmd and diff cmd being specified in config > >> files. > > --diff3-cmd is problematic, too. For rsync, you need to disable > daemon mode (at the very least). > > The security guide must mention that you need to lock down > ~/.subversion, ~/.ssh, ~/.unison and maybe a few more directories.
signature.asc
Description: This is a digitally signed message part.
