Re: .subversion default rights

On Wed, 02 Mar 2005 16:26:23 +0100, Manuel VACELET
<manuel.vacelet-abecedaire@st.com> wrote:
> Hi all (transfer from users@ list),
>
> I use subversion (client) 1.0.6 under both Solaris (8) and Linux build
> from sources.
>
> Default .subversion directory created by first svn call is bad protected
> (probaly using default umask) instead of setting 'chmod 0700'. This
> directory that can contains sensible datas (passwords in servers file)
> so it have to be well protected by default.

I can verify that this is still the case with 1.1.3 release (built from source)

> It concerns ~/.subversion/servers that can contains proxy password.

Good catch....

> Morever I think a dot file (or directory) should be protected by default
> even if there is no 'sensitive' data into. So instead of chmod 0600
> ~/.subversion/servers, chmod 0700 ~/.subversion should be done.

I agree, and since this directory contains configuration and behavioral
controls for Subversion, requiring that the directory be fully private
is important to help protect against standard attacks on parent inodes
of the sensitive data.

When creating the directory it should default to 0700.

The next question is if the client should warn / fail to work if
the directory is not secure. (Much like other secure software
does, such as SSH / OpenSSH) Personally, I don't know if
Subversion needs to be that strict for all, but I, for one, would not
mind if it were.

-- 
Michael Sinz               Technology and Engineering Director/Consultant
"Starting Startups"                          mailto:Michael.Sinz@sinz.org
My place on the web                      http://www.sinz.org/Michael.Sinz
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org