On Tue, Jul 11, 2017 at 09:11:58PM +0200, Branko Čibej wrote:
> Another issue I have with the proposal is the idea to use file suffixes.
> That's usually the wrong way to go about things (case in point: Windows
> does it, with didastrous results). It's much better to determine file
> format by inspection, such as, e.g., libmagic does. We already have
> optional support for libmagic in the client (to set svn:mime-type).
I would not feel comfortable having the server parse arbitrary data with
libmagic. The libmagic code is not very safe to run on untrusted input.
I have seen libmagic crash my svn client on several occasions even on
text files I wrote.
At the client side it's a bit less dangerous because users have already
told svn to add the files in question to version control, and a libmagic
exploit running on the client machine can do less harm than a server-side one.
Granted, commits are usually authenticated. If we did this we should at
least make really sure that no unauthenticated access can trigger this code.
Ideally, it would be sandboxed somehow if we started using it on the server.
Received on 2017-07-12 01:19:13 CEST