The Tor Project / TPA / Wiki Replica
Commit ff994fce (Unverified), authored 5 years ago by anarcat
some tweaks
parent df1d2518
tsa/howto/svn.mdwn: 16 additions, 8 deletions
...
...
@@ -6,13 +6,15 @@ Multiple people have access to the SVN server, in order:
## Layer 0: "the feds"
While the virtual machine is hosted on a server with full disk
While the virtual machine is
(now)
hosted on a server with full disk
encryption, it's technically possible that a hostile party with physical
access to the machine (or a 0day) would gain access to the machine
using
illegitimate means.
access to the machine (or a 0
-
day) would gain access to the machine
using
illegitimate means.
This attack vector exists for all of our infrastructure, to various
extents.
extents and is mitigated by trust in our upstream providers, our
monitoring infrastructure, timely security updates, and full disk
encryption.
## Layer 1: TPA sysadmins
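Review bot: The sentence added at the end of the Layer 0 section lists full disk encryption as a mitigation, but the paragraph above it says the attack is possible "While the virtual machine is (now) hosted on a server with full disk encryption", so the two statements read as contradicting each other. Say what each item actually covers, for example that full disk encryption protects a powered-off or seized disk, while physical access to the running machine or a 0-day is left to provider trust, monitoring and timely security updates. The "(now)" also implies the host was not encrypted before; a date or ticket reference would make that useful to a reader.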
...
...
@@ -28,7 +30,7 @@ months ago, in ticket #15949 by anarcat.
## Layer 3: SVN admins
SVN service admins have access to the `svn-access-policy` repository
which defines the
two
other access layers below. That repository is
which defines the other
two
access layers below. That repository is
protected, like other repositories, by HTTPS authentication and SVN
access controls.
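Review bot: "the other two access layers below" in the Layer 3 paragraph still leaves the reader to work out which layers are meant. Since this repository defines the policy for them, name them explicitly (the later text refers to Layer 4 HTTPS access controls and Layer 5 SVN access control) so the reference stays correct if sections are added or reordered.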
...
...
@@ -54,9 +56,12 @@ The SVN repositories currently accessible include:
## Layer 5: SVN access control
The last layer of defense is the SVN "group" level access control,
defined in the `svn-access-policy.corp` configuration file. Other
repositories define other access controls, in particular the
`svn-access-policy` repository has its own configuration file, as
defined in the `svn-access-policy.corp` configuration file. In
practice, however, I believe that only Layer 4 HTTPS access controls
work for the corp repository.
Note that other repositories define other access controls, in particular
the `svn-access-policy` repository has its own configuration file, as
explained in layer 3.
## Notes
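Review bot: The new sentence "I believe that only Layer 4 HTTPS access controls work for the corp repository" records an unverified belief about whether a security control is effective, in a section that still opens by calling it "The last layer of defense". Either test the group-level rules in `svn-access-policy.corp` against the corp repository and state the result, or mark the sentence as untested with a ticket for follow-up, and adjust the opening sentence to match.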
...
...
@@ -64,3 +69,6 @@ explained in layer 3.
The the above list, SVN configuration files are located in
`/srv/svn.torproject.org/svn-access/wc/`, the "working copy" of the
`svn-access` repository.
This document is a redacted version of a fuller audit provided
internally in march 2020.
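Review bot: The context line just above the addition still reads "The the above list", and the added line spells the month as "march"; both are worth fixing in this commit ("In the above list", "March 2020"). It would also help to say where the fuller internal audit lives for readers who have access to it.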