From mboxrd@z Thu Jan  1 00:00:00 1970
From: konstantin at linuxfoundation.org (Konstantin Ryabitsev)
Date: Thu, 13 Dec 2018 15:24:14 -0500
Subject: Running CGit with user owning the repository
In-Reply-To: <87o99qsgq5.fsf@universe.krase.net>
References: <87o99qsgq5.fsf@universe.krase.net>
Message-ID: <20181213202414.GA1674@chatter.qube.local>

On Wed, Dec 12, 2018 at 08:11:14PM +0100, Marco Pessotto wrote:
>this is going to be a dumb question, but are there major concerns about
>running CGit with the same user owning the repository? Ok, not
>super-optimal, but is that acceptable?

It's generally not something I'd advise. Of course, CGit does its best 
to remain secure and should not perform any write operations on the git 
repositories it serves. However, this means your defenses are 1 layer 
deep. If a sufficiently bad bug in CGit is found, your repositories are 
now exposed to tampering.

It's best practice not to create systems protected by only one layer of 
defense, because bugs and deployment mistakes will inevitably result in 
security incidents given a long enough period of time. Adding extra 
protection such as different systems users for writing and reading will 
help you hedge against such problems.

-K