Re: annoyance in error reporting

From: mark benedetto king <mbk_at_lowlatency.com>
Date: 2003-11-24 18:00:51 CET

On Mon, Nov 24, 2003 at 11:49:46AM -0500, Greg Hudson wrote:
> On Mon, 2003-11-24 at 02:11, Karl Chen wrote:
> > When Subversion can't access a repository it doesn't give
> > information as to why not. For example, if a grandparent
> > directory needs chmod a+rx all you'll get is
> >
> > svn: Unsupported repository version
> > svn: PROPFIND request failed on '/repos/quarl/trunk/bookmarks'
> > svn:
> > Expected version '2' of repository; found no version at all; is '/home/quarl/REPOS/quarl' a valid repository path?
>
> I see a few problems here, the first two of which are the most
> important:
>

Also, there is issue 1051: "mod_dav_svn displays real path to repository".

This is a real information leak that is likely to be "discovered" by
third-party auditors and reported on security mailing lists, and will
give mod_dav_svn an undeserved black eye.

I'd like to make issue 1051 a requirement for 1.0, or document clearly
in INSTALL that an empty repository (or a misconfigured one) can result
in this behaviour.

--ben

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Nov 24 18:27:15 2003

This message: [ Message body ]
Next message: Barry Scott: "Re: Seruious problems with APU_WANT_DB"
Previous message: Erik Huelsmann: "Re: [Issue 1613] svn diff -x segfaults"
In reply to: Greg Hudson: "Re: annoyance in error reporting"
Next in thread: kfogel_at_collab.net: "Re: annoyance in error reporting"
Reply: kfogel_at_collab.net: "Re: annoyance in error reporting"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]