[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r1362434 - in /subversion/trunk: configure.ac subversion/include/svn_fs.h subversion/libsvn_fs/fs-loader.c

From: Philip Martin <philip.martin_at_wandisco.com>
Date: Tue, 17 Jul 2012 15:07:17 +0100

Ivan Zhakov <ivan_at_visualsvn.com> writes:

>> If the victim has a world writeable location in the search path the attacker
>> could replace any DSO.
> The attacker cannot replace any DSO, because current directory has
> lower priority than other locations. So in typical scenarios user is
> not vulnerable, because DSO is found in other location.
> So for security reason we should load DSO using absolute path at least
> on Windows.

I'm not sure how to get the absolute path.

Does anyone build on Windows with SVN_USE_DSO set?

Cerified & Supported Apache Subversion Downloads:
Received on 2012-07-17 16:07:53 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.