[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Re: Is mod_dav_svn safe for use in a threaded MPM?

From: Eric Gillespie <epg_at_pretzelnet.org>
Date: 2007-04-10 19:27:51 CEST

Malcolm Rowe <malcolm-svn-dev@farside.org.uk> writes:

> svn_repos_t is an opaque structure - we can change it however we want.
>
> We could stop creating the 'dav' directory, but then you'd have a
> situation where 'svnadmin create' couldn't create a repository that
> worked with an older mod_dav_svn, I think. You could create the
> directory only for --pre-1.x-compatible repostiories, though.
> Is there no reason you can't just continue to use the existing 'dav'
> directory?

I would really rather have svnadmin not create the directory. It
always bugged me that i had to remove 'dav' directories from my
repositories, when i had no plans to use it. However, you're
right that svnadmin should create it with --pre-1.5-compatible
and i can use 'dav/activities.d' as the default db location.

> - Does mod_dav restrict activity names to a filename-safe subset?
> What's to stop someone performing a MKACTIVITY/MERGE against an activity
> called '../../../../etc/passwd', for example (or 'NUL' or 'AUX'...)?

If i understand correctly, yes. See repos.c where it parses it
out of request URLs, which look like

  /test/!svn/act/56f63f40-e12e-11db-b643-efea7bcec873

These functions in activity.c are given the last component.

> - Are we happy to decide that the activities are tied to a specific
> mod_dav_svn version? i.e. we don't need to provide for compatibility
> between mod_dav_svn 1.5 and activities created with mod_dav_svn 1.4.

I say so. They are, after all, transitory.

> - I find it rather confusing that you're referring to an 'activities db'
> when it's not actually a database :-)

Sure it is.

> Opening the file in buffered mode when you're going to read everything
> at once just wastes a 4k APR file buffer.

Good point; i'll drop that.

Thanks for looking at this.

--
Eric Gillespie <*> epg@pretzelnet.org

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 10 19:29:05 2007

This is an archived mail posted to the Subversion Dev mailing list.