[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [security question] commit-email.pl completely ignores access rules

From: Stan Devyatovsky <stan_at_devyatovsky.com>
Date: 2005-05-01 11:43:53 CEST

So far, I have just created "a limited version" of commit-email.pl,
and called it commit-email-lim.pl

It sends only a list of added/modified/removed files, but does not
send the contents of those files. It somewhat solves an issue for me,
but I think all Subversion users which are concerned about security
(including me of course) would prefer more mature, reliable and
convenient solution, so that the users could see the modified file contents in
the case they have access to the files, and if they do not have access to
some file, they should never even know about it (even if it was
changed).

SD> I am interested in best security practices with Subversion. I've been
SD> very happy to setup Apache2+mod_dav_svn instead of standalone
SD> svnserve, because it allows for much better access control.

SD> Being able to restrict users from accessing each particular file or
SD> folder is just great!

SD> However, we also use a Post Commit hook script - commit-email.pl, and
SD> it completely disregards the security rules we've setup.

SD> Example security rules:
SD> [project:/src/harry]
SD> *=
SD> harry=rw
SD> [project:/src/sally]
SD> *=
SD> sally=rw
SD> [project:/src/shared]
SD> *=rw
SD> I don't want Harry to see Sally's source dir, and I don't want Sally
SD> to see Harry's source dir either. However they have a shared source
SD> folder, and they can both access it.
SD> Now, since we have a post commit hook (commit-email.pl), upon each
SD> commit both Harry and Sally will receive email notification with all
SD> changes in there. Sally will actually receive all Harry's changes via
SD> email, even those which he did in his private folder: /src/harry - and
SD> Sally is not supposed to ever see it!

SD> Is there any way to limit email notification, so that Sally sees only
SD> what she is supposed to see (changes in /src/sally and /src/shared,
SD> but not in /src/harry) ?
SD> Any ideas are welcome and greatly appreciated. 

-- 
Best regards,
 Stan                            mailto:stan@devyatovsky.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun May 1 11:47:26 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.