[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: start-commit.bat

From: Karl Fogel <kfogel_at_red-bean.com>
Date: 2007-11-13 04:44:24 CET

"David Glasser" <glasser@davidglasser.net> writes:
>> A comma works fine if the whole list is double-quoted, and we should
>> probably be quoting all parameters anyway to handle spaces in paths,
>> etc. if APR isn't already.
>
> This behavior disturbs me. It implies that via a careful choice of
> username or revprop name or something, Windows hooks can receive
> arguments that are shifted one or more spaces.
>
> We should figure out if this causes any serious security problems.

Yes. Since the code in hooks is arbitrary, the question is really
"Can we construct a hook in which arg shifting would cause a security
problem?" To which the answer is clearly yes; whether that would be a
plausible hook script or not I don't know.

Should we instead just check for platform-specific dangerous
characters before passing any arguments to hook scripts? That seems
like the safest bet.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Nov 13 04:44:33 2007

This is an archived mail posted to the Subversion Dev mailing list.