Re: Possible security problem with svnsync?

From: C. Michael Pilato <cmpilato_at_collab.net>
Date: Wed, 12 May 2010 14:33:03 -0400

C. Michael Pilato wrote:
> Peter Samuelson wrote:
>> [Jon Foster]
>>> All he has to do is change the svn:sync-from-url property on the
>>> mirror repository to be a file:// URL to the source repository,
>>> rather than a http:// one. The correct file:// URL is probably
>>> guessable.
>> I'd never thought of this as as security problem, but I _do_ think it's
>> a suboptimal design where a svnsync setup stores state on the mirrored
>> repository which is relative not to the mirror, but to whoever is
>> running svnsync.
>>
>>> Please can we change "svnsync sync" to allow both the source and
>>> target URLs to be specified? That rather simple measure would block
>>> this attack. Since svnsync is usually invoked from a script, typing
>>> the extra URL isn't a problem.
>> Yes, this sounds like a good design anyway, aside from the security
>> question.
>
> I'm coding right now along these lines.

By the way, I'm tracking this is issue #3637[1]. The proposed solution has
been committed to trunk.

[1] http://subversion.tigris.org/issues/show_bug.cgi?id=3637

-- 
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet   <>   www.collab.net   <>   Distributed Development On Demand

application/pgp-signature attachment: OpenPGP digital signature

Received on 2010-05-12 20:33:36 CEST

This message: [ Message body ]
Next message: Greg Stein: "Re: Commiting, tree conflicts and keep-local"
Previous message: Philip Martin: "Commiting, tree conflicts and keep-local"
In reply to: C. Michael Pilato: "Re: Possible security problem with svnsync?"
Next in thread: Jon Foster: "RE: Possible security problem with svnsync?"
Reply: Jon Foster: "RE: Possible security problem with svnsync?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]