[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Clean up svn_io_set_file_read_write_carefully

From: Branko Čibej <brane_at_xbc.nu>
Date: 2006-03-08 02:26:29 CET

Michael W Thelen wrote:
> Andreas Magnusson wrote:
>
>> In connection to this thread:
>> http://svn.haxx.se/dev/archive-2006-02/0631.shtml
>>
>> Now, I'm not sure about the log message, but I'm sure that we will fix
>> that.
>>
>> On another note the name of the function isn't really true anymore, but
>> what should the name be instead? And is it worth the rev'ing of this API?
>>
>> [[[
>> Use simple implementation of svn_io_set_file_read_[write|only]
>>
>> * subversion/libsvn_subr/io.c
>> (svn_io_set_file_read_write_carefully): Replace complex logic for
>> trying to do the right thing on systems with unix style permissions
>> with simple calls to svn_io_set_file_read_[write|only] instead.
>> ]]]
>>
>
> Thanks for the patch, Andreas... would a developer be able to take a
> look at this patch and review it? If not I'll file an issue for it
> within a few days.
>
The patch isn't correct. We need the functionality that's in that
function; without it, we reopen the security hole that the function was
trying to fix. (I say "trying" because the hole is still there, it's
just not so glaringly obvious than it was before.)

-- Brane

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Mar 8 02:26:44 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.