RE: svn commit: r1794433 - /subversion/branches/1.9.x/STATUS
From: Bert Huijben <bert_at_qqmail.nl>
Date: Tue, 9 May 2017 13:00:00 +0200
> -----Original Message-----
But 'gpgpconf' is started.
The problem is that we just start external code... Which executable doesn't matter that much.
Subversion is a library and we should be very careful about this. I think this code is by default left out on Windows, but there are tons of cert reports where just loading a library dynamically to test something is a security problem, and just running an executable is far worse.
I don't see a problem with enabling this if we know the user uses gpg, but doing this on every auth request just to see if gpg can theoretically be used as backend is too much for me.
The function to test if there is a gpg store becomes several orders of magnitude slower, while we don't even cache the result... because the code used to be blazingly fast
The code forks the process, which may have severe consequences in certain environments involving threads (running inside Eclipse?)
This is no longer some small trivial change... It changes outside dependencies and security boundaries.
This is an archived mail posted to the Subversion Dev mailing list.