Re: [PATCH] Introduce AuthzSVNGroupsFile configuration option for mod_authz_svn

From: Philip Martin <philip.martin_at_wandisco.com>
Date: Mon, 28 Jan 2013 11:10:12 +0000

Evgeny Kotkov <evgeny.kotkov_at_visualsvn.com> writes:

> * With includes in the configuration files an evil-doer could perform
> cross-repository configuration includes. That theoretically allows
> examining the authorization rules for restricted repositories (e.g. via
> bruteforce).

Are you claiming the evil-doer could access the included files but not
the authz file itself? How would that be possible? Why does the same
argument not apply to the new directive?

> * As far as I understand, including huge arbitrary files for a single
> repository could potentially hang the whole server.

How does breaking a single authz file into multiple files make this
worse? The include system could give the exact same behaviour as your
new directive if that is what the admin wants.

> * Includes add dynamic behavior in the authz scheme. Without them, the
> server administrator configures a static set of files used for the
> authorization process. With includes, however, this set is no longer
> static — users can tell the server which files it should use to perform
> the authz process.

I don't see what is "dynamic" about the include proposal. It's just
reading multiple files instead of one in svn_repos__authz_read.

> - Includes might require merging of access rules and configuration chunks from
> multiple files. With merging the whole authorization scheme could easily
> become unobvious and sort of counterintuitive.

It's simple text concatenation. We have an authz validation utility
that could spit out the combined file if really necessary.

> - Finally, the solution with a new directive follows the pattern
> already used (just add a new option — as it was done with
> AuthzSVNReposRelativeAccessFile).

So we now have 3 directives, do we need another directive for
relative/absolute path to the groups file? What about the next
enhancement? Suppose somebody wants to split "common" rules and
"per-repo" rules into separate files. Do we introduce yet another
directive for that? Two more directives if we want relative paths? Or
4 directives if we want common groups as well as common rules?

Also your directive needs a separate implementation in mod_authz_svn,
svnserve, svnauthz.c and any 3rd party users. The include system would
probably be implemented once in the libsvn_repos.

-- 
Certified & Supported Apache Subversion Downloads:
http://www.wandisco.com/subversion/download
Received on 2013-01-28 12:11:01 CET

This is an archived mail posted to the Subversion Dev mailing list.