[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion security needs to improve.

From: Mark Benedetto King <mbk_at_lowlatency.com>
Date: 2004-10-21 00:44:33 CEST

On Wed, Oct 20, 2004 at 02:28:45PM -0700, Ben Reser wrote:
> Ultimately, I think we have a pretty good security history. So far
> we've had only 2 vulnerabilities that risked gaining access to the
> system. The first one was pretty shallow and should have been caught.
> But it happened to be a case of reusing a printf format for a sscanf, so
> it didn't stand out even if you read the code.
>

As an aside:

IIRC, the scanf vulnerability was found by a security researcher who
essentially grepped for scanf.

In many projects, this would have generated a huge list of potential
vulnerabilities, and required careful investigation of each one.

In our case, it generated exactly 2 matches. One of them was
vulnerable.

We were intentially not using unsafe functions like scanf. This
significantly reduces the potential for these kinds of errors.

It is unfortunate that such a vulnerability existed, but I think
the fact that there were (and are) only two calls to scanf in the entire
codebase is a good indicator of just how much defensive programming
is in place in svn already.

--ben

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Oct 21 00:41:49 2004

This is an archived mail posted to the Subversion Dev mailing list.