
More strict file permissions for the administrative ".svn" directories

From: Ivan Zahariev <rrdtool_at_famzah.net>
Date: Mon, 11 Jan 2010 13:05:12 +0200

Hello guys,

Many developers check out the working tree directly into the web server's
public folder, and this poses a security risk. Anyone can then point
the URL of their browser within the ".svn/text-base" directory, for
example, and access sensitive data such as previous versions of a file,
or even the source code of it, because of the ".svn-base" suffix in the
filename. This is described in more detail at
"http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/".
I know that "svn export" exists and this is the way to check out the tree
properly and safely, but this is an extra step which developers have to
do, and you know that extra steps are usually skipped, if they could be
skipped.

Nevertheless, I see no valid reason for the administrative ".svn"
directories to be world-wide accessible; correct me if I'm wrong. That's
why I propose that SVN creates these ".svn" directories with file
permissions which disallow "others" to enter these directories. Here is
the proposed patch against the source code of Subversion 1.6.6:

--- ./subversion/libsvn_wc/adm_files.c-orig 2010-01-11
12:47:23.000000000 +0200
+++ ./subversion/libsvn_wc/adm_files.c 2010-01-11 12:48:57.000000000 +0200
@@ -627,7 +627,8 @@
 make_empty_adm(const char *path, apr_pool_t *pool)
 {
   path = svn_wc__adm_child(path, NULL, pool);
- return svn_io_dir_make_hidden(path, APR_OS_DEFAULT, pool);
+ /* Protect the administrative subdir from being accessible by
"others". */
+ return svn_io_dir_make_hidden(path, (APR_OS_DEFAULT & ~(APR_WEXECUTE
| APR_WWRITE | APR_WREAD)), pool);
 }
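
Review bot: In the new svn_io_dir_make_hidden() call the mode is built by masking bits off APR_OS_DEFAULT, which APR defines as a "use the OS default" value rather than a plain rwx set, so the resulting permissions depend on that constant's numeric value; spelling out the intended bits (APR_UREAD | APR_UWRITE | APR_UEXECUTE plus the APR_G* equivalents) would make the intent explicit. Only the "others" bits are cleared, and only in make_empty_adm(), so the change covers newly created administrative directories and does nothing when the web server runs as the owning user or in the owning group; the comment should state that limit. The added lines also run past 80 columns and should be wrapped.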

Please let me know what you think. Should I direct this to the "dev"
mailing list? Thanks.

Best regards,
Ivan Zahariev
Received on 2010-01-11 12:06:12 CET

This is an archived mail posted to the Subversion Users mailing list.
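
An added example, not part of the original post or of Subversion: a Python audit for working copies that are already deployed. It walks a document root, reports every ".svn" directory that still grants any permission to "others", and with `--fix` clears exactly the bits the patch masks out at creation time. The function names and the `--fix` option are this example's own.

```python
import argparse
import os
import stat

OTHERS = stat.S_IRWXO  # 0o007, the bits the patch clears at creation time


def find_exposed_admin_dirs(root, admin_name=".svn"):
    """Return sorted (path, mode) pairs for admin dirs that grant any access to "others"."""
    exposed = []
    for dirpath, dirnames, _files in os.walk(root):
        if admin_name not in dirnames:
            continue
        dirnames.remove(admin_name)  # never descend into the admin area itself
        adm = os.path.join(dirpath, admin_name)
        st = os.lstat(adm)
        if not stat.S_ISDIR(st.st_mode):  # skip symlinks that are merely named .svn
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & OTHERS:
            exposed.append((adm, mode))
    return sorted(exposed)


def tighten(path):
    """Clear the "others" bits on path, keep everything else; return the new mode."""
    new_mode = stat.S_IMODE(os.lstat(path).st_mode) & ~OTHERS
    os.chmod(path, new_mode)
    return new_mode


def main(argv=None):
    parser = argparse.ArgumentParser(description="Audit .svn dirs under a web root")
    parser.add_argument("root")
    parser.add_argument("--fix", action="store_true", help="clear the others bits")
    args = parser.parse_args(argv)
    exposed = find_exposed_admin_dirs(args.root)
    for path, mode in exposed:
        fixed = " -> %04o" % tighten(path) if args.fix else ""
        print("%04o%s  %s" % (mode, fixed, path))
    return 1 if exposed and not args.fix else 0  # non-zero exit suits a deploy check


if __name__ == "__main__":
    raise SystemExit(main())
```

As with the patch, clearing the "others" bits only helps when the web server reaches the files as "others".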
