[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [CONTRIB] hook script check-needs-lock-on-binaries.pl

From: Daniel Shahaf <danielsh_at_elego.de>
Date: Sun, 5 May 2013 03:10:13 +0300

Bastiaan Veelo wrote on Sat, May 04, 2013 at 22:58:52 +0200:
> # Heruistics to determine if file is binary.
> #
> # Take the paranoid approch, everything is binary, unless otherwise
> # stated If svn:eol-style is set, it is text If svn:mime-type is
> # text/*, it is text a configurable file glob list (extensions, *.txt,
> # etc) that are text (defined on the command line)
> sub file_is_binary {
> my $file = shift;
> if (has_svn_property($file, "svn:eol-style")) {
> return 0;
> }
> if (has_svn_property($file, "svn:mime-type")) {
> my ($mimetype) = read_from_process("$svnlook propget $flag $value $repos svn:mime-type \"$file\"");

That's a major security hole: an authenticated committer is able to run
arbitrary commands in the context of the OS user whom the commit process
runs as. (In particular, they can run 'rm -rf $repos' if they guess the
path to $repos.)

You need to escape $file properly. Probably by using the N-arguments
syntax of system() or open(), plus a '--' sentinel in svnlook's argv.
Received on 2013-05-05 02:10:54 CEST

This is an archived mail posted to the Subversion Dev mailing list.