[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Possible security problem with svnsync?

From: C. Michael Pilato <cmpilato_at_collab.net>
Date: Wed, 12 May 2010 12:08:45 -0400

Peter Samuelson wrote:
> [Jon Foster]
>> All he has to do is change the svn:sync-from-url property on the
>> mirror repository to be a file:// URL to the source repository,
>> rather than a http:// one. The correct file:// URL is probably
>> guessable.
> I'd never thought of this as as security problem, but I _do_ think it's
> a suboptimal design where a svnsync setup stores state on the mirrored
> repository which is relative not to the mirror, but to whoever is
> running svnsync.
>> Please can we change "svnsync sync" to allow both the source and
>> target URLs to be specified? That rather simple measure would block
>> this attack. Since svnsync is usually invoked from a script, typing
>> the extra URL isn't a problem.
> Yes, this sounds like a good design anyway, aside from the security
> question.

I'm coding right now along these lines.

C. Michael Pilato <cmpilato_at_collab.net>
CollabNet   <>   www.collab.net   <>   Distributed Development On Demand

Received on 2010-05-12 18:09:18 CEST

This is an archived mail posted to the Subversion Dev mailing list.