Re: Subversion security needs to improve.

From: Mark Benedetto King <mbk_at_lowlatency.com>
Date: 2004-10-21 00:44:33 CEST

On Wed, Oct 20, 2004 at 02:28:45PM -0700, Ben Reser wrote:
> Ultimately, I think we have a pretty good security history. So far
> we've had only 2 vulnerabilities that risked gaining access to the
> system. The first one was pretty shallow and should have been caught.
> But it happened to be a case of reusing a printf format for a sscanf, so
> it didn't stand out even if you read the code.
>

As an aside:

IIRC, the scanf vulnerability was found by a security researcher who
essentially grepped for scanf.

In many projects, this would have generated a huge list of potential
vulnerabilities, and required careful investigation of each one.

In our case, it generated exactly 2 matches. One of them was
vulnerable.

We were intentially not using unsafe functions like scanf. This
significantly reduces the potential for these kinds of errors.

It is unfortunate that such a vulnerability existed, but I think
the fact that there were (and are) only two calls to scanf in the entire
codebase is a good indicator of just how much defensive programming
is in place in svn already.

--ben

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Oct 21 00:41:49 2004

This message: [ Message body ]
Next message: Julian Foad: "Book: can we incorporate O'Reilly's edits?"
Previous message: Florian Weimer: "Re: Subversion security needs to improve."
In reply to: Ben Reser: "Re: Subversion security needs to improve."
Next in thread: Alex Holst: "Re: Subversion security needs to improve."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]