Feature #1415
closedLet system administrator limit repositories valid sources
0%
Description
As pointed out by Jean Philippe in #1393, users with project manager permissions can setup SCM sources to anything they want. IOW, if they know any valid path to a repository in the hosting system, they can read it. It can be a serious privacy issue.
I think we should take some time to discuss it here, and find an elegant way to fix it.
What do you think about this ?
Related issues
Updated by Paul Rivier over 16 years ago
One possible design could be to restrict what a project manager can do from the Project Settings page. For exemple, we could disable 'modules' and 'repository' for non-admins. Very naïve solution.
Updated by Anonymous over 16 years ago
Does this not come down to trusting your managers. If you don't trust them, don't make them a project manager. Create another role with suitable privileges. The default roles only allows a developer to edit versions of a project.
Perhaps an explicit 'edit repository' to go along with the 'edit modules' setting could be added.
Cheers
Russell
Updated by Jean-Philippe Lang over 16 years ago
Perhaps an explicit 'edit repository' to go along with the 'edit modules' setting could be added.
Actually, the permission already exists, it's called Manage repository (it lets user create/destroy the project's repository).
Updated by Paul Rivier over 16 years ago
Hi, Russel.
Does this not come down to trusting your managers.
No. For an almost infinite number of reason, trust is never an acceptable argument when speaking about privacy or security. One example to illustrate is : manager can give manager rights to other people. One other is : on common web application deployment, there is one person that administrates the hosting system, one other administrating redmine instance, and some people working on it with some privileges. Those people don't know each other. System administrator will probably use filesystem permissions to prevent redmine process from being able to visit the whole FS. But what can the redmine administrator do ? An instance is a single process with a single posix user, so it must be able to read all the repositories for all the projects. Some restriction facilities, at the redmine level, are probably missing.
Perhaps an explicit 'edit repository' to go along with the 'edit modules' setting could be added.
Isn't that what 'manage repository' permission is about ?
Updated by Anonymous over 16 years ago
Hi Paul,
Just re-read your original report, and I completely miss-understood it yesterday so apologies for that. I can see the issue now.
Isn't that what 'manage repository' permission is about ?
Ah yes, missed that one, was looking at the project group at the top.
Cheers
Russell
Updated by Lluís Vilanova about 15 years ago
- Status changed from New to Resolved
Unless I misunderstood the discussion, this is provided by the Manage repository permission, as previously commented.
Updated by Jan Niggemann (redmine.org team member) almost 12 years ago
- Status changed from Resolved to Closed
Closing this, status is resolved since 400 days and more (issue was last updated more than 400 days ago)...
Updated by Jean-Philippe Lang about 10 years ago
- Subject changed from Let administrator limit repositories valid sources to Let system administrator limit repositories valid sources
- Status changed from Closed to Resolved
- Target version set to 3.0.0
- Resolution set to Fixed
r13573 lets you define regular expressions in the Redmine configuration file to limit valid repository path.
Updated by Jean-Philippe Lang about 10 years ago
- Has duplicate Feature #10966: [SECURITY] Project Managers should not be able to choose an URL for a local repository added
Updated by Jean-Philippe Lang about 10 years ago
- Related to Feature #13038: Base path for filesystem repository adapter added
Updated by Jean-Philippe Lang about 10 years ago
- Related to Feature #17164: file:/// repository insecure added
Updated by Jean-Philippe Lang about 10 years ago
- Has duplicate Defect #18291: Path property security issue when adding filesystem repository added
Updated by Mischa The Evil about 10 years ago
Woot! Nice to see this is added in this manner in 3.0.0. Thanks for it.
Updated by Jean-Philippe Lang almost 10 years ago
- Status changed from Resolved to Closed