[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r1362434 - in /subversion/trunk: configure.ac subversion/include/svn_fs.h subversion/libsvn_fs/fs-loader.c

From: Ivan Zhakov <ivan_at_visualsvn.com>
Date: Tue, 17 Jul 2012 16:52:16 +0400

On Tue, Jul 17, 2012 at 2:14 PM, Philip Martin
<philip.martin_at_wandisco.com> wrote:
> philip_at_apache.org writes:
> > Author: philip
> > Date: Tue Jul 17 10:12:20 2012
> > New Revision: 1362434
> >
> > URL: http://svn.apache.org/viewvc?rev=1362434&view=rev
> > Log:
> > Allow third party FS modules to be loaded when configured
> > with --enable-runtime-module-search.
> Until now anyone wanting to write an FS module had a problem: only
> modules known to the Subversion project could be loaded and used.
> That means that anyone wanting to write their own module had to get a
> patch for their module name into the core Subversion code. Or write
> their own loader/server.
> I don't think there is any security risk here: I need to write to the
> repository fs-type file to get a malicious module to load and if I can
> do that it would be far easier to use one of the hook scripts.
It still possible security issue here. Just image that repository is
stored on network share or something. Someone tweaked fs-type and put
fake .dll in repository folder. Then another user accesses this
repository and gets this dll loaded on his behalf!

To prevent such issues we should valdiate fs-type to be only file name
with only alphanumeric characters. No dots, spaces or slashes. We also
should only load DSO module from directory where Subversion installed
for better protection.

Ivan Zhakov
Received on 2012-07-17 14:53:09 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.