[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: revprop changes and hooks

From: Peter Samuelson <peter_at_p12n.org>
Date: Wed, 9 Jun 2010 11:10:25 -0500

[Philip Martin]
> In svn_repos_fs_change_rev_prop3 the code first gets the old property
> value which it uses to calculate the action: 'A', 'M' or 'D'. Then it
> passes the action to the pre-revprop-change hook, then it changes the
> property and finally it runs the post-revprop-change hook. Some
> other process can change the revprop at any time so although the
> pre-revprop-change hook might get passed an 'A' say, when the change
> is made it could be effectively an 'M'. The action passed to the
> hook is not a reliable indication of the change to be made.

pre-revprop-change is mainly useful for access control, and I think for
the most part the three cases that can happen here ('A' becoming 'M'
due to another add; 'M' becoming 'A' due to a delete; or any action
becoming a no-op due to someone else doing the same action) are
harmless in that sense.

Unless, I suppose, you have an attacker who has permission to modify
but not add a property, and he wishes to make sure the property is not
deleted, so he modifies the property in a tight loop in hopes of racing
with whoever wants to delete it, hoping to end up re-adding it without
permission....?

Seems a bit far-fetched. I dunno.

-- 
Peter Samuelson | org-tld!p12n!peter | http://p12n.org/
Received on 2010-06-09 18:11:02 CEST

This is an archived mail posted to the Subversion Dev mailing list.