[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security flaw: subversion stores passwords by default / Proposal

From: Hadmut Danisch <hadmut_at_danisch.de>
Date: Thu, 20 Mar 2008 22:43:41 +0100

Paul Koning wrote:
> So how does this avoid the security issue? The substantive change is
> that you've flipped the default to "don't store". But if it is
> stored, it's still stored on disk, in cleartext.
>

It does not store it if you don't want it.

You are still hanging on the idea that svn must authenticate automatically.

This is not always what the user wants, as the many complains about that
password thing show.

Even if you are pretty much aware of that issue and the config options,
it is
still an awful trap.

I was checking out configuration files from a svn respository
into /etc of several freshly installed computers.

On one of the computers I just forgot to change the svn config options
to not store
the password and accidently wrote the password on the disk.

Although I immediately realized this, it raises the problem how to clean
the disk again, since simply removing a file does not really help. You
need to
install wipe tools etc.

You should not put a password onto disk without making sure that the
user is
aware of this and really wants it that way.

> (Cleartext or equivalent. Absent an API where the kernel has a
> persistent copy of the user password and can use that to decrypt files
> -- which Linux doesn't have as far as I know -- even a scrambled
> on-disk copy is functionally equivalent to cleartext.)
>
> I believe the current credentials cache is already per-repository, so
> that part of your proposal is covered. Browse around
> $HOME/.subversion/auth/svn.simple, you'll see it.
>
>
Again, you still miss the problem.

regards
Hadmut

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-03-20 22:44:02 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.