Michael W Thelen wrote:
> Andreas Magnusson wrote:
>
>> In connection to this thread:
>> http://svn.haxx.se/dev/archive-2006-02/0631.shtml
>>
>> Now, I'm not sure about the log message, but I'm sure that we will fix
>> that.
>>
>> On another note the name of the function isn't really true anymore, but
>> what should the name be instead? And is it worth the rev'ing of this API?
>>
>> [[[
>> Use simple implementation of svn_io_set_file_read_[write|only]
>>
>> * subversion/libsvn_subr/io.c
>> (svn_io_set_file_read_write_carefully): Replace complex logic for
>> trying to do the right thing on systems with unix style permissions
>> with simple calls to svn_io_set_file_read_[write|only] instead.
>> ]]]
>>
>
> Thanks for the patch, Andreas... would a developer be able to take a
> look at this patch and review it? If not I'll file an issue for it
> within a few days.
>
The patch isn't correct. We need the functionality that's in that
function; without it, we reopen the security hole that the function was
trying to fix. (I say "trying" because the hole is still there, it's
just not so glaringly obvious than it was before.)
-- Brane
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Mar 8 02:26:44 2006