[Bug 599066] Create a specific check for the gnomeweb user from l10n.gnome.org



https://bugzilla.gnome.org/show_bug.cgi?id=599066
  sysadmin | Git | unspecified

--- Comment #47 from Owen Taylor <otaylor redhat com> 2013-09-06 17:37:20 UTC ---
(In reply to comment #44)
I don't see much point in having a separate user to do the push on the client
side. The only point would be if the sudo'ed command tried to restrict exactly
what was pushed - if you can push anything then there is no security
improvement at all. And duplicating complicated checks on client and server
seems like too much.

Thinking about it, there is one significant thing you do get out of a sudo
setup which is preventing a directory traversal (or other read-only)
vulnerability from exposing the private key for someone to take and try to do
stuff on their own system. But hopefully locking the key to one IP *mostly*
handles that. So there would be some advantage, but I don't see it as blocking
getting something going.
