Re: CGI for repository administration

On Tue, Jan 07, 2003 at 08:42:22 -0600, Karl Fogel wrote:

Philip Martin <philip@codematters.co.uk> writes:
> > > Oh, I see. What was the reason for this change?
> > It was quite possibly an unintended side-effect of r3831.
> s/quite possibly/definitely

> > > Is there a security
> > > issue with it?
> > I don't believe so. A repository administrator who wants to link to
> > an insecure file should be free to do so :)

> The fix is to change the test in the hook-running code. Josef, if you
> have time to make a patch, then great, otherwise can you file a quick
> issue pointing to this thread? Thanks,

AFAIK I do not have write access to the issue tracker, so I do not
have this option and am forced to try to fix it ;-)

At first glance, the fix seems to be pretty trivial: just remove the
'# if 0' from svn_io_check_path() and extend the checks within the
svn_repos__hooks_* functions. But this could break some of the callers
(there are about 90 callers) to svn_io_check_path() because many of
them do not check (and error out) for symlinks. Some of them would be
easy to fix, but others are somewhat confusing to me.

This is why I would like to know what was the reason for the r3831
change. I simply do not want to re-introduce the error which was meant
to be fixed by r3831...

Maybe I should just fix the majority of the callers and mark the
(hopefully) minority which I cant decide, so other could find those
non-obvious cases easily...

An other possibility to fix it would be to add a parameter to
svn_io_check_path() so that it knows whether the calling function is
able to deal with symlinks. This would also be trivial to do, but is
somewhat broken-by-design...

-- 
-- Josef Wolf -- jw@raven.inka.de --
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org