[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

minor information leak in the svnserve authz code

From: Marcus Rueckert <darix_at_web.de>
Date: 2005-12-27 05:25:30 CET

hi,

steps to reproduce:

[[[
cd /tmp
svnadmin create foo
cd foo/conf
perl -p -i -e 's|^# ||g' svnserve.conf
echo -e "[/]\n* = r\n@active = rw" >> authz
svnserve -d -r /tmp/foo
svn ls svn://localhost:3691/
]]]

the message you get is:
[[[
svn: An authz rule refers to group '@active', which is undefined
]]]

do we really want to pass this information to the client?
i always thought this should be only server side.
i see the problems with the missing logging. but i dont think the error
should be passed to the client.

darix

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Dec 27 05:26:18 2005

This is an archived mail posted to the Subversion Dev mailing list.