[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Doing a security audit of Subversion.

From: Michael Sweet <mike_at_easysw.com>
Date: 2004-06-21 22:08:29 CEST

kfogel@collab.net wrote:
> I've started doing a security audit of Subversion's code. I'm not
> expert in this, but (as you probably noticed) we've had two security
> releases already, 1.0.3 and 1.0.5. It'd be nice to be ahead of the
> game for once, instead of catching up. Anyone who wants to help,
> please join me! You can post here to say what sort of inspection
> you're doing, but, for obvious reasons,
> ...

I'll add another useful method for auditing code - use valgrind
(http://valgrind.kde.org) to run svnserve. It *will* run a lot
slower than normal, but I have found it very useful for tracking down
less obvious bugs and risky use of common functions. We use it
regularly on CUPS and HTMLDOC now, and so far so good! :)

Valgrind is also good at tracking resource leaks, and can give you
some nice memory statistics if you like.

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products           mike at easysw dot com
Printing Software for UNIX                       http://www.easysw.com
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Jun 21 22:09:16 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.