* Running CGit with user owning the repository
@ 2018-12-12 19:11 melmothx
2018-12-13 20:24 ` konstantin
0 siblings, 1 reply; 3+ messages in thread
From: melmothx @ 2018-12-12 19:11 UTC (permalink / raw)
Hi there,
this is going to be a dumb question, but are there major concerns about
running CGit with the same user owning the repository? Ok, not
super-optimal, but is that acceptable?
I think CGit avoids to even touch the repo is serving and it shouldn't
write on it, but I'd like to know what you think about it.
The rationale behind this question is that I'm embedding cgit in an
application (amusewiki.org/git) and the setup would be simplified a lot
without the need of another service just for this. If you encourage the
user separation, I'll keep the things as they are.
Thanks in advance
Best wishes
--
Marco
^ permalink raw reply [flat|nested] 3+ messages in thread
* Running CGit with user owning the repository
2018-12-12 19:11 Running CGit with user owning the repository melmothx
@ 2018-12-13 20:24 ` konstantin
2018-12-14 10:24 ` melmothx
0 siblings, 1 reply; 3+ messages in thread
From: konstantin @ 2018-12-13 20:24 UTC (permalink / raw)
On Wed, Dec 12, 2018 at 08:11:14PM +0100, Marco Pessotto wrote:
>this is going to be a dumb question, but are there major concerns about
>running CGit with the same user owning the repository? Ok, not
>super-optimal, but is that acceptable?
It's generally not something I'd advise. Of course, CGit does its best
to remain secure and should not perform any write operations on the git
repositories it serves. However, this means your defenses are 1 layer
deep. If a sufficiently bad bug in CGit is found, your repositories are
now exposed to tampering.
It's best practice not to create systems protected by only one layer of
defense, because bugs and deployment mistakes will inevitably result in
security incidents given a long enough period of time. Adding extra
protection such as different systems users for writing and reading will
help you hedge against such problems.
-K
^ permalink raw reply [flat|nested] 3+ messages in thread
* Running CGit with user owning the repository
2018-12-13 20:24 ` konstantin
@ 2018-12-14 10:24 ` melmothx
0 siblings, 0 replies; 3+ messages in thread
From: melmothx @ 2018-12-14 10:24 UTC (permalink / raw)
Konstantin Ryabitsev <konstantin at linuxfoundation.org> writes:
> On Wed, Dec 12, 2018 at 08:11:14PM +0100, Marco Pessotto wrote:
>>this is going to be a dumb question, but are there major concerns about
>>running CGit with the same user owning the repository? Ok, not
>>super-optimal, but is that acceptable?
>
> It's generally not something I'd advise. Of course, CGit does its best
> to remain secure and should not perform any write operations on the git
> repositories it serves. However, this means your defenses are 1 layer
> deep. If a sufficiently bad bug in CGit is found, your repositories are
> now exposed to tampering.
>
> It's best practice not to create systems protected by only one layer of
> defense, because bugs and deployment mistakes will inevitably result in
> security incidents given a long enough period of time. Adding extra
> protection such as different systems users for writing and reading will
> help you hedge against such problems.
Thanks Konstantin for your advise, it seems the best thing to do indeed.
--
Marco
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-12-14 10:24 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-12 19:11 Running CGit with user owning the repository melmothx
2018-12-13 20:24 ` konstantin
2018-12-14 10:24 ` melmothx
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).