Re: Showing full pathname of repo

From: Colin Watson <cjwatson_at_flatline.org.uk>
Date: 2004-01-25 05:11:10 CET

On Sun, Jan 25, 2004 at 10:39:05AM +0800, plasma wrote:
> I just ran into this command:
>
> plasma_at_plasmanb:~> svn log -r 9900 -v http://svn.elixus.org/repos/
> subversion/libsvn_ra_dav/util.c:661: (apr_err=160006)
> svn: PROPFIND request failed on '/repos/!svn/vcc/default'
> subversion/libsvn_ra_dav/util.c:359: (apr_err=160006)
> svn:
> reference to non-existent revision '9900' in filesystem '/home/svnrepos/repos/db'
>
> And I noticed the full pathname of repository is shown. Is this a
> good idea to reveal the full pathname of repository?

Surely, if it matters that an attacker knows the path, you've already
lost anyway? I've found the information useful for diagnosing problems
in the past and don't see how it's a vulnerability.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
Received on Sun Jan 25 05:11:48 2004

This is an archived mail posted to the Subversion Dev mailing list.