[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Merkle trees in svn [was: Quick question about the sha1-checksum for directories in svn.]

From: Bert Huijben <bert_at_qqmail.nl>
Date: Thu, 5 Oct 2017 20:42:02 +0200

> -----Original Message-----
> From: Branko Čibej [mailto:brane_at_apache.org]
> Sent: donderdag 5 oktober 2017 19:29
> To: dev_at_subversion.apache.org
> Subject: Re: Merkle trees in svn [was: Quick question about the sha1-
> checksum for directories in svn.]
>
> On 05.10.2017 19:12, Daniel Shahaf wrote:
> > Branko Čibej wrote on Thu, 05 Oct 2017 18:44 +0200:
> >> On 05.10.2017 16:46, Julian Foad wrote:
> >>> Calculation of a directory's hash would have to happen for each
> >>> directory where the user has mixed access to the immediate children,
> >>> and for all parents of such a directory up to the root.
> >> And /that/ is the painful part: the fact that you need a depth-first
> >> traversal of the tree in order to calculate the hash for the root
> >> directory. And the reason why we're not exposing the directory hash,
> >> even if the FS stores it.
> > What if we only returned a checksum for nodes to which the user had
> > full recursive access? E.g., with "[/A/B] *=", the caller would be
> > able to retrieve checksums for /A/C, /A/D, /A/mu, and /A's property
> > hash, and for descendants of the first two, but that's it.
>
> That would leak permission settings. A user would know that she only sees a
> partial directory merely by checking for the presence of the directory
> checksum.

We already explicitly leak that there are server excluded subtrees in/for our delta editor / reporter design, so this would not be a security regression.

        Bert
>
> -- Brane
Received on 2017-10-05 20:42:13 CEST

This is an archived mail posted to the Subversion Dev mailing list.