On Tue, Dec 28, 2010 at 12:11:47PM -0500, Nico Kadel-Garcia wrote: > As Stefan pointes out elsewhere, svnserve will run without an > svnserve.conf. Perhaps it *shouldn't*, and the default svnserve.conf > should be published as svnserve.conf.tmpl? That would force manual > enabling of a service that should not be available by default.
svnserve reads the repository's svnserve.conf file when it receives a client request concerning this repository. In other words, there is nothing we can do in the repository-specific svnserve.conf file to prevent svnserve from starting in the first place. Also, I don't understand how starting svnserve would help an attacker since to start svnserve the attacker would already need access to the system. Users with shell access to the system can of course run their own svnserve instance on an unprivileged port (and svnserve runs on an unprivileged port by default). There is no way to prevent this. The user might even copy an svnserve binary from a remote system and run it. But the same is true for any other network daemon that can be run on an unprivileged port. Stefan
