Hi,
Looking at mod_dav_svn, I had been thinking, if it is possible to
hijack a DAV activity:
Being a legitimate user, checking something in over DAV, there's an
MKACTIVITY request. Now say there's a second malicious user that has
access to the repository and knows the UUID of the activity, he in
theory is able to DELETE or MERGE or do something bad to the activity
of the legitimate user.
Why worry, one may ask if UUID are unique enough and collision of
activities it theoretically not possible, there is no need to worry
that one legitimate user's action may interfere with another user's
action. One may argue that if there is such malicious user that has
repository access like I just described, it is already bad -- if he is
interfering with a legitimate user's actions, nothing will stop him
from harming the repository anyway.
Now, if activity's UUID is enough for its security (i.e. legitimate
user won't collide, and malicious user with repository access can't be
protected against), is there really any need to check for global
repository write access when there's a DELETE request coming for an
activity.
-Artem
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jun 20 16:51:26 2006