On Wed, Sep 24, 2014 at 11:06:13AM -0500, Les Mikesell wrote:
> Does the recently announced bash bug:
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
> affect the security of the way people generally configure svn+ssh access?
>
> --
> Les Mikesell

From what I understand after reading about the problem briefly:
In an svn+ssh setup svn clients run 'svnserve -t' by default. But there is no reason this could not be changed to '/bin/bash' by an attacker.

Note that forcing a command in the authorized_keys file will *not* work around the problem: http://seclists.org/oss-sec/2014/q3/651

It should be possible to mitigate this attack vector by having svnserve run in an environment that doesn't have bash available, either with no bash binary at all on the system, or within a chroot.
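The following script is an added example and is not part of the reply above or of the Subversion project. It reproduces the mechanism the reply describes: with a forced command in authorized_keys, sshd exports the client's requested command as SSH_ORIGINAL_COMMAND and runs the forced command through the account's login shell (`$SHELL -c 'svnserve -t'`), so an unpatched bash parses a crafted SSH_ORIGINAL_COMMAND of the form `() { :;}; payload` as a function definition and runs the payload before svnserve ever starts. The probe replaces svnserve with `true` so it has no dependency on Subversion, and the helper that looks for a bash binary (the mail's "no bash at all, or a chroot" mitigation) checks a constructed list of common paths; both are assumptions of this example, not claims from the page.

```shell
#!/bin/sh
# Added example (not from the original mail). Simulates what sshd does for a
# forced command: it sets SSH_ORIGINAL_COMMAND to whatever the client asked
# for and runs the forced command via the login shell. The crafted value
# mirrors the pattern described in the Red Hat advisory.

# Probe whether a shell binary executes code smuggled in through an
# environment variable it never asked for.
# Returns 0 = vulnerable, 1 = not vulnerable, 2 = shell not found.
# The marker is a constructed sentinel; 'true' stands in for 'svnserve -t'.
shellshock_probe() {
    shell="$1"
    command -v "$shell" >/dev/null 2>&1 || return 2
    marker="SHELLSHOCK_PROBE_$$"
    out=$(SSH_ORIGINAL_COMMAND="() { :;}; echo $marker" "$shell" -c 'true' 2>&1)
    case "$out" in
        *"$marker"*) return 0 ;;   # payload ran before the forced command
        *) return 1 ;;
    esac
}

# Human-readable verdict for one shell path.
shellshock_verdict() {
    shellshock_probe "$1"
    case $? in
        0) echo "$1: VULNERABLE (payload in SSH_ORIGINAL_COMMAND executed)" ;;
        1) echo "$1: not vulnerable" ;;
        *) echo "$1: not installed" ;;
    esac
}

# Check the mitigation from the mail: is any bash binary reachable in the
# environment svnserve would run in? Pass a chroot directory to inspect it;
# with no argument the live system is checked. The path list is an assumed
# set of common install locations, not an exhaustive one.
# Returns 0 if no bash is found, 1 if one is.
no_bash_in() {
    root="${1:-}"
    for p in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        [ -x "$root$p" ] && return 1
    done
    return 0
}

# Report on the shells present on this host and on the live root.
for s in bash sh dash; do
    shellshock_verdict "$s"
done
if no_bash_in; then
    echo "no bash binary found: forced-command path cannot reach bash"
else
    echo "bash present: a forced command in authorized_keys does not help"
fi
```

Run it as the account that owns the svn+ssh keys, and point `no_bash_in` at the chroot you intend to run svnserve in; a patched bash reports "not vulnerable" because it no longer parses function definitions out of arbitrary variable names, and a missing bash reports "not installed", which is the state the mail's mitigation aims for.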