[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Subversion Issue 3242

From: Rupert Wood <me_at_rupey.net>
Date: Tue, 4 Aug 2009 16:13:27 +0100

Stefan Sperling wrote:

> One thing Mike had concerns about was that his solution would leak
> information about the existence of sibling nodes all the way at
> every parent directory of a path protected by authz.
>
> I think with a "you may know that parent exists" policy, this problem
> is not avoidable and people should design their directory hierarchies
> appropriately if they have a problem with leaking information about
> siblings.

If you're happy with that then the solution is really easy: change mod_authz_svn to allow OPTIONS and PROPGET on a path if the user has read access to any child of the current path, i.e. implement a new svn_repos_authz_access_t svn_authz_read_any_child.

However I read that first email as saying we need to hide the secret dir, i.e. we need to integrate enough of mod_authz_svn and the server to filter the output based on user permissions.

Rup.

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=2380049
Received on 2009-08-04 17:13:53 CEST

This is an archived mail posted to the Subversion Dev mailing list.