[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

minor information leak in the svnserve authz code

From: Marcus Rueckert <darix_at_web.de>
Date: 2005-12-27 05:25:30 CET


steps to reproduce:

cd /tmp
svnadmin create foo
cd foo/conf
perl -p -i -e 's|^# ||g' svnserve.conf
echo -e "[/]\n* = r\n@active = rw" >> authz
svnserve -d -r /tmp/foo
svn ls svn://localhost:3691/

the message you get is:
svn: An authz rule refers to group '@active', which is undefined

do we really want to pass this information to the client?
i always thought this should be only server side.
i see the problems with the missing logging. but i dont think the error
should be passed to the client.


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Dec 27 05:26:18 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.