From mboxrd@z Thu Jan  1 00:00:00 1970
From: melmothx at gmail.com (Marco Pessotto)
Date: Fri, 14 Dec 2018 11:24:07 +0100
Subject: Running CGit with user owning the repository
In-Reply-To: <20181213202414.GA1674@chatter.qube.local>
References: <87o99qsgq5.fsf@universe.krase.net>
 <20181213202414.GA1674@chatter.qube.local>
Message-ID: <87o99o5rug.fsf@universe.krase.net>


Konstantin Ryabitsev <konstantin at linuxfoundation.org> writes:

> On Wed, Dec 12, 2018 at 08:11:14PM +0100, Marco Pessotto wrote:
>>this is going to be a dumb question, but are there major concerns about
>>running CGit with the same user owning the repository? Ok, not
>>super-optimal, but is that acceptable?
>
> It's generally not something I'd advise. Of course, CGit does its best
> to remain secure and should not perform any write operations on the git
> repositories it serves. However, this means your defenses are 1 layer
> deep. If a sufficiently bad bug in CGit is found, your repositories are
> now exposed to tampering.
>
> It's best practice not to create systems protected by only one layer of
> defense, because bugs and deployment mistakes will inevitably result in
> security incidents given a long enough period of time. Adding extra
> protection such as different systems users for writing and reading will
> help you hedge against such problems.

Thanks Konstantin for your advise, it seems the best thing to do indeed.

--
Marco