Re: svn commit: r1362434 - in /subversion/trunk: configure.ac subversion/include/svn_fs.h subversion/libsvn_fs/fs-loader.c

From: Philip Martin <philip.martin_at_wandisco.com>
Date: Tue, 17 Jul 2012 11:14:10 +0100

philip_at_apache.org writes:

> Author: philip
> Date: Tue Jul 17 10:12:20 2012
> New Revision: 1362434
>
> URL: http://svn.apache.org/viewvc?rev=1362434&view=rev
> Log:
> Allow third party FS modules to be loaded when configured
> with --enable-runtime-module-search.

Until now anyone wanting to write an FS module had a problem: only
modules known to the Subversion project could be loaded and used.
That means that anyone wanting to write their own module had to get a
patch for their module name into the core Subversion code. Or write
their own loader/server.

I don't think there is any security risk here: I need to write to the
repository fs-type file to get a malicious module to load and if I can
do that it would be far easier to use one of the hook scripts.

We could do the same for RA modules but I have no plans to implement
it.

Disclaimer: at WANdisco we plan to use this feature.

-- 
Philip

Received on 2012-07-17 12:14:49 CEST

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]