
Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

From: Thomas Åkesson <thomas_at_akesson.cc>
Date: Wed, 24 Oct 2012 00:08:41 +0200

On 23 Oct 2012, at 14:22, roderich.schupp_at_gmail.com wrote:

> I'm working on the patch to list only readable repositories. There is
> already a TODO comment in the code by cmpilato:
> subversion\mod_dav_svn\repos.c:3461

Thanks Ivan for looking into it. Let's see if it is feasible to address.

> Please keep in mind that the problem is not restricted to parent-path collections
> of repositories: Since SVN 1.7 any user can "list" the root of a "standalone"
> repository even if she has no access grants whatsoever. Of course, the listing
> will be empty in this case (but the head revision is leaked).

Are you saying that SVN 1.7 always allows browsing the root but it is empty when the user lacks authz? When I follow a link from the parentpath repository list into a repository where I do not have access, I get a 403.

Perhaps it is possible to confirm the existence of a repository by specifically requesting the head revision from arbitrary repository names. That is not ideal but requires significantly more determination to figure out than just looking at a list.

Thomas Å.
Received on 2012-10-24 00:09:15 CEST

This is an archived mail posted to the Subversion Dev mailing list.