"David Glasser" <glasser@davidglasser.net> writes:
>> A comma works fine if the whole list is double-quoted, and we should
>> probably be quoting all parameters anyway to handle spaces in paths,
>> etc. if APR isn't already.
>
> This behavior disturbs me. It implies that via a careful choice of
> username or revprop name or something, Windows hooks can receive
> arguments that are shifted one or more spaces.
>
> We should figure out if this causes any serious security problems.
Yes. Since the code in hooks is arbitrary, the question is really
"Can we construct a hook in which arg shifting would cause a security
problem?" To which the answer is clearly yes; whether that would be a
plausible hook script or not I don't know.
Should we instead just check for platform-specific dangerous
characters before passing any arguments to hook scripts? That seems
like the safest bet.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Nov 13 04:44:33 2007