
RE: svn log info restricted even when authorized

From: Lieven Govaerts <lgo_at_mobsol.be>
Date: 2005-08-06 10:13:50 CEST

This is the same issue I posted to this group last week, but in
my case it's in an Apache environment. The result is identical:
http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=103661

My problem is that this behaviour escalates in both javahl and the
XML export giving wrong results, so I'm also interested in having
a solution.

Lieven.

-----Original Message-----
From: Michael W Thelen [mailto:mike@pietdepsi.com]
Sent: Saturday, 6 August 2005 9:12
To: dev@subversion.tigris.org
Subject: Bug: svn log info restricted even when authorized

Subversion server 1.2.1 (Apache with mod_authz_svn) sometimes restricts
access to log information even when a user has read/write access to the area
being restricted. This only happens if the user requests log information
for a directory above the restricted directory. Requesting log information
on the restricted directory itself works fine. Here's what I mean:

My access file looks like this:

[projects:/]
* = r
mike = rw

[projects:/foo/trunk/restricted]
* =
mike = rw

The user mike can commit to /foo/trunk/restricted. Running svn log directly
on the restricted directory works as you would expect:

$ svn log http://svn.example.com/projects/foo/trunk/restricted --limit 1
------------------------------------------------------------------------
r689 | mike | 2005-08-06 00:43:55 -0600 (Sat, 06 Aug 2005) | 1 line
Changed paths:
   M /foo/trunk/restricted/thingy.pl

Add meaningless change.
------------------------------------------------------------------------

Running svn log on a directory above the restricted one produces this:

$ svn log http://svn.example.com/projects/foo/trunk --limit 1
------------------------------------------------------------------------
r689 | (no author) | (no date) | 1 line

------------------------------------------------------------------------

It looks like maybe the fix for the CAN-2004-0749 security issue
(r11102) may have been a little too restrictive? Unfortunately I can't test
the trunk code right now to see if it still has this behavior.

--
Michael W Thelen
It is a mistake to think you can solve any major problems just with
potatoes.       -- Douglas Adams
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Aug 6 10:16:19 2005
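
An added example, not part of the original thread and not Subversion code: a simplified model of path-based authz lookup, applied to the access file quoted in the report, to confirm what that configuration is expected to grant. Assumptions of the model: the nearest ancestor section that names the user or `*` decides, and a grant on any matching line in that section wins; the user name `guest` is constructed.

```python
import configparser

# Access file as quoted in the report above.
ACCESS_FILE = """
[projects:/]
* = r
mike = rw

[projects:/foo/trunk/restricted]
* =
mike = rw
"""


def load_rules(text):
    """Map (repository, path) -> {principal: rights} for each section."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep principal names case-sensitive
    cp.read_string(text)
    rules = {}
    for section in cp.sections():
        repo, _, path = section.partition(":")
        rules[(repo, path.rstrip("/") or "/")] = dict(cp[section])
    return rules


def effective_rights(rules, repo, path, user):
    """Rights from the nearest ancestor section that mentions the user or '*'."""
    path = path.rstrip("/") or "/"
    while True:
        section = rules.get((repo, path), {})
        matches = [v for k, v in section.items() if k in (user, "*")]
        if matches:
            # Assumption: a grant on any matching line in the section wins.
            return "".join(c for c in "rw" if any(c in m for m in matches))
        if path == "/":
            return ""  # no section applies: no access
        path = path.rsplit("/", 1)[0] or "/"


if __name__ == "__main__":
    rules = load_rules(ACCESS_FILE)
    for user in ("mike", "guest"):  # 'guest' is a constructed user name
        for p in ("/foo/trunk", "/foo/trunk/restricted/thingy.pl"):
            rights = effective_rights(rules, "projects", p, user)
            print(f"{user:5} {p:35} {rights or '(none)'}")
```

Under this model `mike` holds `rw` on both the parent directory and the changed file, so a check like this separates a misconfigured access file from a server-side filtering problem.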

This is an archived mail posted to the Subversion Dev mailing list.
