Hi everyone
The problem:
Through the AuthzSVNAccessFile I gave read rights to anonymous users (*
= r). With that very right an anonymous user can now change a revision
property like svn:log (I obviously enabled revprop changes). In my
opinion that should not be possible.
Situation:
Client: WinXP, TortoiseSVN 1.5.3
TortoiseSVN --> Show log --> right click a revision --> edit log message
--> changing something in the log message --> OK
SVN server: 1.4.3 on Windows with Apache 2.0.59 (Polarion ALM for
Subversion 3.1.2; www.polarion.ch)
httpd.conf:
<Location /repo>
DAV svn
SVNPath "D:/Polarion/data/svn/repo"
# our access control policy
AuthzSVNAccessFile "D:/Polarion/data/svn/access"
# try anonymous access first, resort to real
# authentication if necessary.
Satisfy Any
# how to authenticate a user
AuthType Basic
Require valid-user
Require filter "(objectclass=*))"
AuthName "Subversion repository on my_server"
#AuthUserFile "D:/Polarion/data/svn/passwd"
# The LDAP Settings go here
# Bind_Tries 2
LDAP_Debug Off
LDAP_Protocol_Version 3
LDAP_Server my_ldap_server
# default is 389; if SSL is on, you must specify it and standard is 636
LDAP_Port 389
# Connect timeout in seconds
#LDAP_Connect_Timeout 3
# base distinguished name for search
Base_DN "dc=my_company,dc=com"
# The user and password used to login to LDAP server to perform the searches
# (Active Directory requires "bind" action)
# Bind_DN "cn=[USER],cn=users,dc=company,dc=com"
# Bind_Pass "[PASSWORD]"
# This must be set to the name of attribute used to search user by
# And value from this attribute is also used as "Login Name"
# sAMAccountName is from Active Directory, with other LDAP server use for example uid
UID_Attr uid
SVNAutoversioning on
</Location>
access file:
[groups]
everyone = admin, other_users
admin = admin
user = admin, other_users
... and a couple more
[/]
* = r
@user = rw
@admin = rw
polarion = r
[/.polarion]
@user = r
@admin = rw
[/.polarion/user-management/users]
@user = rw
@admin = rw
[/.polarion/security]
polarion = rw
@admin = rw
Three hook scripts are in place and working:
post-commit.bat
pre-revprop-change.bat
post-revprop-change.bat
I am aware of the possibility to limit the anonymous user to read
operations in httpd.conf:
<Limit OPTIONS PROPFIND GET REPORT>
Satisfy Any
</Limit>
That works just fine. But I still think it should not be possible to
change a property with read rights.
I tried to get some input via IRC but didn't find someone who had the
possibility to reproduce it.
http://colabti.org/irclogger/irclogger_log/svn?date=2008-09-19 starting
at 07:09, user d7solla and d7solla_
Kind regards
Alain Sollberger
Received on 2008-09-19 17:51:08 CEST
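Independent of the httpd.conf `<Limit>` fix discussed in the message, the repository's pre-revprop-change hook is a second place where an unauthenticated change can be refused. The script below is an added example, not the poster's pre-revprop-change.bat; it assumes that a revision-property change arriving through Apache without authentication reaches the hook with an empty USER argument, and that the .bat hook delegates to this script (for instance `python pre-revprop-change.py %1 %2 %3 %4 %5`).

```python
#!/usr/bin/env python
"""pre-revprop-change hook: refuse revision-property changes from anonymous users.

Subversion runs the hook as:
    pre-revprop-change REPOS-PATH REV USER PROPNAME ACTION
and passes the new property value on stdin. A non-zero exit status rejects
the change; anything written to stderr is relayed to the client.
Assumption for this example: an unauthenticated request via Apache yields
an empty USER argument.
"""
import sys

# Constructed policy: only svn:log may be modified, and only by a named user.
ALLOWED_PROPS = {"svn:log"}
ALLOWED_ACTIONS = {"M"}  # A = add, M = modify, D = delete


def check_revprop_change(user, propname, action, new_value):
    """Return (allowed, reason); kept free of I/O so it can be tested."""
    if not user.strip():
        return False, "anonymous users may not change revision properties"
    if propname not in ALLOWED_PROPS:
        return False, "changing %s is not permitted" % propname
    if action not in ALLOWED_ACTIONS:
        return False, "action %s on %s is not permitted" % (action, propname)
    if not new_value.strip():
        return False, "an empty log message is not permitted"
    return True, ""


def main(argv, stdin):
    if len(argv) != 6:
        sys.stderr.write("usage: pre-revprop-change REPOS REV USER PROPNAME ACTION\n")
        return 2
    _repos, _rev, user, propname, action = argv[1:]
    allowed, reason = check_revprop_change(user, propname, action, stdin.read())
    if not allowed:
        sys.stderr.write(reason + "\n")
        return 1  # rejects the change
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv, sys.stdin))
```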