[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [SVN-DEV] RE: Authorization [2]

From: C. Scott Ananian <cananian_at_lesser-magoo.lcs.mit.edu>
Date: 2001-09-05 16:57:51 CEST

On Wed, 5 Sep 2001, Sander Striker wrote:

> No, that would fail directly in the following situation:
> /foo/bar (this path has a DACL for certain users)
> Now a developer decides to rename or move bar and you get:
> /foo/baz
> This path doesn't have the DACL. So in the new revision the denied
> users can get in. Consider replacing the DACL to affect /foo/baz.

I actually think this is a *feature*. If the user has read permission in
bar but write permission in baz, then they can copy the file to baz in
order to "work on it". If they have write permission in bar, then
*moving* the file from bar to baz is permissible. This helps divide the
tree into security zones. If you don't want the DACL stripped, then you
shouldn't give the user permission to copy/move the file from the
DACL-controlled root. If you want to keep them from moving to /foo/baz,
there should be a DACL on /foo.

Boston early warning explosion Marxist Nader affinity group Milosevic
Serbian DC Seattle cracking class struggle CIA struggle Ortega Philadelphia
              ( http://lesser-magoo.lcs.mit.edu/~cananian )
 "These students are going to have to find out what law and order is
 all about." -- Brig. General Robert Canterbury, Noon, May 4, 1970,
 minutes before his troops shot 13 unarmed Kent State students, killing 4.
#!/usr/bin/perl -w
# 526-byte qrpff, Keith Winstein and Marc Horowitz <sipb-iap-dvd@mit.edu>
# MPEG 2 PS VOB file on stdin -> descrambled output on stdout
# arguments: title key bytes in least to most-significant order

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 21 14:36:40 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.