
Re: Could svn check permissions?

From: John Peacock <jpeacock_at_rowman.com>
Date: 2003-09-08 22:55:26 CEST

Branko Čibej wrote:

>>>I also need to test this on Win32, since most of this security code
>>>has to magically vanish for insecure O/S's;
>>
> If you're implying that Windows' security features are weaker than
> Unix's, I think you're in for a nasty surprise. Windows has a very
> powerful security architecture that leaves most Unices far behind, but
> we don't have a good API for it in APR.

No, I'm stating quite explicitly that _I_ don't want to bother with Windows'
security for this proposed patch. If necessary, I will #ifdef out my code if
the use of setuid() doesn't act in a harmless fashion under Win32. I view the
fact that it is /possible/ to host Subversion under Windows as a testament to
the tenacity of the developers involved, rather than a recommendation to use the
platform.

It is true that there are ways under the Windows security model to completely
mess with your filesystem (to the point where files and directories are no
longer available to anyone, let alone administrator accounts)[1]. I don't
consider the presence of security features which are not in general practice
used to be terribly good design.

> Nor do we really need it for
> securing Subversion repositories, because the fact that Windows
> filesystem ACLs are inheritable makes things that are horribly hard to
> do on Unix childishly easy to set up on Windows.
>

I cannot begin to recount the number of times that Windows ACLs have messed up
my life. Granted, I will not run Active Directory until the heat death of the
universe has set in, so I am stuck with the NT4 domain model with a mixture of
NT and Win2K machines. I vastly prefer Netware as a file system, since the
security model is every bit the equal of Windows (and predates it by years), yet
it is possible to undo mistakes without pulling what is left of my hair out in
chunks.

YMMV ;~)

John

1) I do know how to get a command prompt running as SYSTEM to get around most of
the worst effects of a messed up ACL. I don't consider that a feature.

-- 
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD  20706
301-459-3366 x.5010
fax 301-429-5748
Received on Mon Sep 8 22:56:20 2003

This is an archived mail posted to the Subversion Dev mailing list.
