Bug: svn log info restricted even when authorized

Subversion server 1.2.1 (Apache with mod_authz_svn) sometimes restricts
access to log information even when a user has read/write access to the
area being restricted. This only happens if the user requests log
information for a directory above the restricted directory. Requesting
log information on the restricted directory itself works fine. Here's
what I mean:

My access file looks like this:

[projects:/]
* = r
mike = rw

[projects:/foo/trunk/restricted]
* =
mike = rw

The user mike can commit to /foo/trunk/restricted. Running svn log
directly on the restricted directory works as you would expect:

$ svn log http://svn.example.com/projects/foo/trunk/restricted --limit 1
------------------------------------------------------------------------
r689 | mike | 2005-08-06 00:43:55 -0600 (Sat, 06 Aug 2005) | 1 line
Changed paths:
   M /foo/trunk/restricted/thingy.pl

Add meaningless change.
------------------------------------------------------------------------

Running svn log on a directory above the restricted one produces this:

$ svn log http://svn.example.com/projects/foo/trunk --limit 1
------------------------------------------------------------------------
r689 | (no author) | (no date) | 1 line

------------------------------------------------------------------------

It looks like maybe the fix for the CAN-2004-0749 security issue
(r11102) may have been a little too restrictive? Unfortunately I can't
test the trunk code right now to see if it still has this behavior.

-- 
Michael W Thelen
It is a mistake to think you can solve any major problems just with
potatoes.       -- Douglas Adams
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org