Feature #1415

Let system administrator limit repositories valid sources

Added by Paul Rivier about 10 years ago. Updated over 3 years ago.

Status:ClosedStart date:2008-06-09
Priority:HighDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:SCM
Target version:3.0.0
Resolution:Fixed

Description

As pointed out by Jean Philippe in #1393, users with project manager permissions can setup SCM sources to anything they want. IOW, if they know any valid path to a repository in the hosting system, they can read it. It can be a serious privacy issue.
I think we should take some time to discuss it here, and find an elegant way to fix it.
What do you think about this ?


Related issues

Related to Redmine - Feature #13038: Base path for filesystem repository adapter Closed
Related to Redmine - Feature #17164: file:/// repository insecure Closed
Duplicated by Redmine - Feature #10966: [SECURITY] Project Managers should not be able to choose ... Closed
Duplicated by Redmine - Defect #18291: Path property security issue when adding filesystem repos... Closed

Associated revisions

Revision 13573
Added by Jean-Philippe Lang over 3 years ago

Adds configuration settings to limit valid repository path (#1415).

Revision 13574
Added by Jean-Philippe Lang over 3 years ago

Adds text_subversion_repository_note string to locales (#1415).

History

#1 Updated by Paul Rivier about 10 years ago

One possible design could be to restrict what a project manager can do from the Project Settings page. For exemple, we could disable 'modules' and 'repository' for non-admins. Very naïve solution.

#2 Updated by Anonymous about 10 years ago

Does this not come down to trusting your managers. If you don't trust them, don't make them a project manager. Create another role with suitable privileges. The default roles only allows a developer to edit versions of a project.

Perhaps an explicit 'edit repository' to go along with the 'edit modules' setting could be added.

Cheers

Russell

#3 Updated by Jean-Philippe Lang about 10 years ago

Perhaps an explicit 'edit repository' to go along with the 'edit modules' setting could be added.

Actually, the permission already exists, it's called Manage repository (it lets user create/destroy the project's repository).

#4 Updated by Paul Rivier about 10 years ago

Hi, Russel.

Does this not come down to trusting your managers.

No. For an almost infinite number of reason, trust is never an acceptable argument when speaking about privacy or security. One example to illustrate is : manager can give manager rights to other people. One other is : on common web application deployment, there is one person that administrates the hosting system, one other administrating redmine instance, and some people working on it with some privileges. Those people don't know each other. System administrator will probably use filesystem permissions to prevent redmine process from being able to visit the whole FS. But what can the redmine administrator do ? An instance is a single process with a single posix user, so it must be able to read all the repositories for all the projects. Some restriction facilities, at the redmine level, are probably missing.

Perhaps an explicit 'edit repository' to go along with the 'edit modules' setting could be added.

Isn't that what 'manage repository' permission is about ?

#5 Updated by Anonymous about 10 years ago

Hi Paul,

Just re-read your original report, and I completely miss-understood it yesterday so apologies for that. I can see the issue now.

Isn't that what 'manage repository' permission is about ?

Ah yes, missed that one, was looking at the project group at the top.

Cheers

Russell

#6 Updated by Jean-Philippe Lang over 9 years ago

  • Target version deleted (0.8)

#7 Updated by Lluís Vilanova almost 9 years ago

  • Status changed from New to Resolved

Unless I misunderstood the discussion, this is provided by the Manage repository permission, as previously commented.

#8 Updated by Jan Niggemann (redmine.org team member) over 5 years ago

  • Status changed from Resolved to Closed

Closing this, status is resolved since 400 days and more (issue was last updated more than 400 days ago)...

#9 Updated by Jean-Philippe Lang over 3 years ago

  • Subject changed from Let administrator limit repositories valid sources to Let system administrator limit repositories valid sources
  • Status changed from Closed to Resolved
  • Target version set to 3.0.0
  • Resolution set to Fixed

r13573 lets you define regular expressions in the Redmine configuration file to limit valid repository path.

#10 Updated by Jean-Philippe Lang over 3 years ago

  • Duplicated by Feature #10966: [SECURITY] Project Managers should not be able to choose an URL for a local repository added

#11 Updated by Jean-Philippe Lang over 3 years ago

  • Related to Feature #13038: Base path for filesystem repository adapter added

#12 Updated by Jean-Philippe Lang over 3 years ago

#13 Updated by Jean-Philippe Lang over 3 years ago

  • Duplicated by Defect #18291: Path property security issue when adding filesystem repository added

#14 Updated by Mischa The Evil over 3 years ago

Woot! Nice to see this is added in this manner in 3.0.0. Thanks for it.

#15 Updated by Jean-Philippe Lang over 3 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF