List:       fossil-users
Subject:    Re: [fossil-users] Using Fossil with Apache Proxy
From:       David Mason <dmason () ryerson ! ca>
Date:       2017-10-25 14:30:31
Message-ID: CALFgxqD95Jc3bN6Zj_in-NZar_TyzJbnvnY_45dSHT5OXfqrXQ () mail ! gmail ! com

I've found a few minor things that make fossil less flexible than it could
be.

1) SQLITE_DEFAULT_FILE_PERMISSIONS is set to 0644 where I would argue that
it should be 0666, because it is masked by umask anyway. It was surprising
to me when I set umask to 7 and then created a fossil that ended up with
640 permissions. Of course, one can simply chmod g+w, but it's a surprise.

2) enter_chroot_jail should only be called if running as root, because the
semantics of setgid/setuid are tricky when running as a (non-root)
setuid/setgid program (see http://unixpapa.com/incnote/setuid.html if you
doubt me!). In my case I end up unable to read the repo, so cannot
initialize it properly. This is also solvable, although not so easily.

Sorry, I wrote this a while ago, and I've worked around the issues, but it
would be nice if they were resolved.

../Dave


On 28 September 2017 at 16:04, Richard Hipp <drh@sqlite.org> wrote:

> On 9/28/17, David Mason <dmason@ryerson.ca> wrote:
> >
> > Last question for a while: in clone.c line 104 it says to use %40, %2f and
> > %3a for special characters in the userid and password (for obvious
> > reasons). Are there any other restrictions on the repo name or other parts
> > of the URL?
>
> None that I recall.  But there might be some that I've forgotten about.
>
> As a security precaution in your system, I think you would do well to
> restrict repo names to begin with an alphanumeric, end with ".fossil",
> and contain no characters other than alphanumerics, '.', '_', and '-'.
> Maybe also only allow a single '.', specifically the one that occurs
> on the ".fossil" suffix.
> --
> D. Richard Hipp
> drh@sqlite.org
> _______________________________________________
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
>
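
The umask behaviour described in point 1 of the message, as an added example (not code from this thread, Fossil or SQLite): the mode passed at creation is an upper bound and the umask can only clear bits from it. The function name `mode_after_create` and the scratch path under `/tmp` are assumptions.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: create a scratch file with `create_mode` while `mask`
 * is the process umask; return the resulting permission bits, or -1 on error. */
int mode_after_create(mode_t create_mode, mode_t mask)
{
    char path[64];
    struct stat st;
    mode_t old;
    int fd, result = -1;

    /* Assumed scratch location; O_EXCL refuses an existing file or symlink. */
    snprintf(path, sizeof path, "/tmp/umask-demo-%ld.fossil", (long)getpid());

    old = umask(mask);
    fd = open(path, O_CREAT | O_EXCL | O_WRONLY, create_mode);
    umask(old);                                  /* restore the caller's umask */

    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0) result = (int)(st.st_mode & 0777);
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    /* 0644 and 0666 are the two defaults discussed in the message. */
    printf("create 0644, umask 007 -> %04o\n", (unsigned)mode_after_create(0644, 007));
    printf("create 0666, umask 007 -> %04o\n", (unsigned)mode_after_create(0666, 007));
    printf("create 0666, umask 022 -> %04o\n", (unsigned)mode_after_create(0666, 022));
    return 0;
}
```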
