Re: Should svnserve set umask to 002?

From: <ghudson_at_MIT.EDU>
Date: 2003-01-23 20:52:18 CET

On Thu, 2003-01-23 at 14:37, Branko Èibej wrote:
Actually, ra_local has a similar problem; it should set the umask to 002
when fiddling with the database, too. Then Unix people could finally set
up their repositories so that they could be used by all RA methods
simultaneously.

Setting the umask to 002 would be a security hole. Consider this use
case: I naively set up a repository for my own use, on a system where
all users are in the same primary group.

The right answer is: after repository creation, when a log file is
created by the FS layer, it should be chmodded to the same permissions
as the database. Unfortunately, this may require changes to Berkeley DB
itself; I'm not sure. (We could compute a umask to set around Berkeley
DB calls, except that introduces thread-safety issues.)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 14 02:09:54 2006

This message: [ Message body ]
Next message: nas_at_mems-exchange.org: "Re: Should svnserve set umask to 002?"
Previous message: brane_at_xbc.nu: "Re: [PATCH] Add reporter-set_path pool parameter"
Next in thread: nas_at_mems-exchange.org: "Re: Should svnserve set umask to 002?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]