Project

General

Profile

Actions

Feature #1415

closed

Let system administrator limit repositories valid sources

Added by Paul Rivier almost 15 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
High
Category:
SCM
Target version:
Start date:
2008-06-09
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed

Description

As pointed out by Jean Philippe in #1393, users with project manager permissions can setup SCM sources to anything they want. IOW, if they know any valid path to a repository in the hosting system, they can read it. It can be a serious privacy issue.
I think we should take some time to discuss it here, and find an elegant way to fix it.
What do you think about this ?


Related issues

Related to Redmine - Feature #13038: Base path for filesystem repository adapterClosed

Actions
Related to Redmine - Feature #17164: file:/// repository insecureClosed

Actions
Has duplicate Redmine - Feature #10966: [SECURITY] Project Managers should not be able to choose an URL for a local repositoryClosed

Actions
Has duplicate Redmine - Defect #18291: Path property security issue when adding filesystem repositoryClosed

Actions
Actions #1

Updated by Paul Rivier almost 15 years ago

One possible design could be to restrict what a project manager can do from the Project Settings page. For exemple, we could disable 'modules' and 'repository' for non-admins. Very naïve solution.

Actions #2

Updated by Anonymous almost 15 years ago

Does this not come down to trusting your managers. If you don't trust them, don't make them a project manager. Create another role with suitable privileges. The default roles only allows a developer to edit versions of a project.

Perhaps an explicit 'edit repository' to go along with the 'edit modules' setting could be added.

Cheers

Russell

Actions #3

Updated by Jean-Philippe Lang almost 15 years ago

Perhaps an explicit 'edit repository' to go along with the 'edit modules' setting could be added.

Actually, the permission already exists, it's called Manage repository (it lets user create/destroy the project's repository).

Actions #4

Updated by Paul Rivier almost 15 years ago

Hi, Russel.

Does this not come down to trusting your managers.

No. For an almost infinite number of reason, trust is never an acceptable argument when speaking about privacy or security. One example to illustrate is : manager can give manager rights to other people. One other is : on common web application deployment, there is one person that administrates the hosting system, one other administrating redmine instance, and some people working on it with some privileges. Those people don't know each other. System administrator will probably use filesystem permissions to prevent redmine process from being able to visit the whole FS. But what can the redmine administrator do ? An instance is a single process with a single posix user, so it must be able to read all the repositories for all the projects. Some restriction facilities, at the redmine level, are probably missing.

Perhaps an explicit 'edit repository' to go along with the 'edit modules' setting could be added.

Isn't that what 'manage repository' permission is about ?

Actions #5

Updated by Anonymous almost 15 years ago

Hi Paul,

Just re-read your original report, and I completely miss-understood it yesterday so apologies for that. I can see the issue now.

Isn't that what 'manage repository' permission is about ?

Ah yes, missed that one, was looking at the project group at the top.

Cheers

Russell

Actions #6

Updated by Jean-Philippe Lang over 14 years ago

  • Target version deleted (0.8)
Actions #7

Updated by Lluís Vilanova over 13 years ago

  • Status changed from New to Resolved

Unless I misunderstood the discussion, this is provided by the Manage repository permission, as previously commented.

Actions #8

Updated by Jan Niggemann (redmine.org team member) over 10 years ago

  • Status changed from Resolved to Closed

Closing this, status is resolved since 400 days and more (issue was last updated more than 400 days ago)...

Actions #9

Updated by Jean-Philippe Lang over 8 years ago

  • Subject changed from Let administrator limit repositories valid sources to Let system administrator limit repositories valid sources
  • Status changed from Closed to Resolved
  • Target version set to 3.0.0
  • Resolution set to Fixed

r13573 lets you define regular expressions in the Redmine configuration file to limit valid repository path.

Actions #10

Updated by Jean-Philippe Lang over 8 years ago

  • Has duplicate Feature #10966: [SECURITY] Project Managers should not be able to choose an URL for a local repository added
Actions #11

Updated by Jean-Philippe Lang over 8 years ago

  • Related to Feature #13038: Base path for filesystem repository adapter added
Actions #12

Updated by Jean-Philippe Lang over 8 years ago

Actions #13

Updated by Jean-Philippe Lang over 8 years ago

  • Has duplicate Defect #18291: Path property security issue when adding filesystem repository added
Actions #14

Updated by Mischa The Evil over 8 years ago

Woot! Nice to see this is added in this manner in 3.0.0. Thanks for it.

Actions #15

Updated by Jean-Philippe Lang over 8 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF