RE: Subversion Issue 3242

From: Rupert Wood <me_at_rupey.net>
Date: Tue, 4 Aug 2009 16:13:27 +0100

Stefan Sperling wrote:

> One thing Mike had concerns about was that his solution would leak
> information about the existence of sibling nodes all the way at
> every parent directory of a path protected by authz.
>
> I think with a "you may know that parent exists" policy, this problem
> is not avoidable and people should design their directory hierarchies
> appropriately if they have a problem with leaking information about
> siblings.

If you're happy with that then the solution is really easy: change mod_authz_svn to allow OPTIONS and PROPGET on a path if the user has read access to any child of the current path, i.e. implement a new svn_repos_authz_access_t svn_authz_read_any_child.

However I read that first email as saying we need to hide the secret dir, i.e. we need to integrate enough of mod_authz_svn and the server to filter the output based on user permissions.

Rup.

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=2380049
Received on 2009-08-04 17:13:53 CEST

This message: [ Message body ]
Next message: HuiHuang: "Re: [PATCH]svn_wc_transmit_prop_deltas2-wc-ng"
Previous message: Hyrum K. Wright: "Re: [PATCH]svn_wc_transmit_prop_deltas2-wc-ng"
In reply to: Stefan Sperling: "Re: Subversion Issue 3242"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]