Petyovskı Petr wrote on Thu, Dec 15, 2011 at 18:47:51 +0100:
> Hello.
> I have some reports of the svnserve daemon dying under vanilla fedora 15.
>
> My story is simple...
> I was need svn repository for my students on the course C/C++
> programming, like each semester.
> So, I installed vanilla Fedora 15, configure and start vanilla svn
> 1.6.17 with svn:// (svnserve) scheme.
>
> Everything going ok (students are happy, commiting, checkouting etc.),
> but it's a third times when svnserve daemon died without any reason.
>
> Maybe I did something wrong in configuration...
> Maybe is something wrong on the students svn clients (tortoise svn)...
> But result is always same, svnserve sometimes dying. And this isn't good.
>
There is no such thing as "without any reason". What is the exit code?
Is there anything in syslog? In the --log-file? In stderr?
Did it catch a signal? Was it serving connections when it died? Did it
just accept a new one?
> I don't want start some "fire", but maybe is something wrong in svnserve
> itself.
> Because svnserve log after dying is very strange?
>
> Can you please contact me with some developer which response of
> svnserve security. This looks like strange vulnerability in svn daemon.
>
If possible, please follow up on the public users_at_subversion.apache.org
mailing list. (Several developers follow that list regularly.)
If you believe you know of a way to cause an svnserve daemon to crash,
please report it privately (by private email to me, or by
email security[at]apache[dot]org).
I'll note, though, that svnserve hasn't had a security issue in years,
and that not every crash is a security vulnerability.
> I have svnserve logs and effort to solve this problem...
> Thanks for your answer.
>
> Regards,
> Petr
>
Thanks,
Daniel
> PS: sorry for my english. ;-)
>
> Ing. Petr Petyovsky
> Faculty of Electrical Engineering and Communication
> Department of Control and Instrumentation
> Kolejni 4, 612 00 Brno
> Czech Republic
>
Received on 2011-12-16 16:38:17 CET