Re: svn commit: r1362434 - in /subversion/trunk: configure.ac subversion/include/svn_fs.h subversion/libsvn_fs/fs-loader.c

From: Philip Martin <philip.martin_at_wandisco.com>
Date: Tue, 17 Jul 2012 15:07:17 +0100

Ivan Zhakov <ivan_at_visualsvn.com> writes:

>> If the victim has a world writeable location in the search path the attacker
>> could replace any DSO.
>
> The attacker cannot replace any DSO, because current directory has
> lower priority than other locations. So in typical scenarios user is
> not vulnerable, because DSO is found in other location.
>
> So for security reason we should load DSO using absolute path at least
> on Windows.

I'm not sure how to get the absolute path.

Does anyone build on Windows with SVN_USE_DSO set?

-- 
Cerified & Supported Apache Subversion Downloads:
http://www.wandisco.com/subversion/download

Received on 2012-07-17 16:07:53 CEST

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]