Ivan Zhakov <ivan_at_visualsvn.com> writes:
> On Tue, Jul 17, 2012 at 2:14 PM, Philip Martin
> <philip.martin_at_wandisco.com> wrote:
>> philip_at_apache.org writes:
>> > Author: philip
>> > Date: Tue Jul 17 10:12:20 2012
>> > New Revision: 1362434
>> > URL: http://svn.apache.org/viewvc?rev=1362434&view=rev
>> > Log:
>> > Allow third party FS modules to be loaded when configured
>> > with --enable-runtime-module-search.
>> Until now anyone wanting to write an FS module had a problem: only
>> modules known to the Subversion project could be loaded and used.
>> That means that anyone wanting to write their own module had to get a
>> patch for their module name into the core Subversion code. Or write
>> their own loader/server.
>> I don't think there is any security risk here: I need to write to the
>> repository fs-type file to get a malicious module to load and if I can
>> do that it would be far easier to use one of the hook scripts.
> It still possible security issue here. Just image that repository is
> stored on network share or something. Someone tweaked fs-type and put
> fake .dll in repository folder. Then another user accesses this
> repository and gets this dll loaded on his behalf!
To get a DSO loaded it has to go into the library search path. If the
victim has a world writeable location in the search path the attacker
could replace any DSO.
> To prevent such issues we should valdiate fs-type to be only file name
> with only alphanumeric characters. No dots, spaces or slashes. We also
> should only load DSO module from directory where Subversion installed
> for better protection.
That's a good idea. r1362480.
Cerified & Supported Apache Subversion Downloads:
Received on 2012-07-17 15:21:50 CEST