
Re: More strict file permissions for the administrative ".svn" directories

From: Samuel ROZE <samuel.roze_at_gmail.com>
Date: Mon, 11 Jan 2010 13:43:05 +0100

Hello,

I use "svn co" as I explained, so I can use "svn update" to simply
update my projects. I think it can be a good idea to remove read
for "o", but an experienced sysadmin should know that the .svn directory
mustn't be accessible from the web!

I use Apache, and here is my configuration line which sends a 404 error
when an HTTP client asks for the .svn directory:

RedirectMatch 404 /\\.svn(/|$)

So simple...
Regards,
Samuel ROZE.

Le lundi 11 janvier 2010 à 13:05 +0200, Ivan Zahariev a écrit :
> Hello guys,
>
> Many developers check out the working tree directly into the web server's
> public folder, and this imposes a security risk. Anyone can then point
> the URL of their browser within the ".svn/text-base" directory, for
> example, and access sensitive data such as previous versions of a file,
> or even the source code of it, because of the ".svn-base" suffix in the
> filename. This is described in more detail at
> "http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/".
> I know that "svn export" exists and this is the way to checkout the tree
> properly and safely, but this is an extra step which developers have to
> do, and you know that extra steps are usually skipped, if they could be
> skipped.
>
> Nevertheless, I see no valid reason for the administrative ".svn"
> directories to be accessible world-wide; correct me if I'm wrong. That's
> why I propose that SVN creates these ".svn" directories with file
> permissions which disallow "others" to enter these directories. Here is
> the proposed patch against the source code of Subversion 1.6.6:
>
> --- ./subversion/libsvn_wc/adm_files.c-orig 2010-01-11
> 12:47:23.000000000 +0200
> +++ ./subversion/libsvn_wc/adm_files.c 2010-01-11 12:48:57.000000000 +0200
> @@ -627,7 +627,8 @@
> make_empty_adm(const char *path, apr_pool_t *pool)
> {
> path = svn_wc__adm_child(path, NULL, pool);
> - return svn_io_dir_make_hidden(path, APR_OS_DEFAULT, pool);
> + /* Protect the administrative subdir from being accessible by
> "others". */
> + return svn_io_dir_make_hidden(path, (APR_OS_DEFAULT & ~(APR_WEXECUTE
> | APR_WWRITE | APR_WREAD)), pool);
> }
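Review bot: the new mask strips only the "others" bits, so the group bits of the ".svn" directory are unchanged and a web server process that shares the group of the user who ran the checkout still has full access to "text-base"; the log message or CHANGES entry should say this explicitly, and should also note that only administrative directories created after the change are affected (a checkout already on disk keeps whatever mode it was created with, since make_empty_adm is not re-run for it). Minor: the new return line is well over the usual line width; splitting it as
  return svn_io_dir_make_hidden(path,
                                APR_OS_DEFAULT & ~(APR_WREAD | APR_WWRITE | APR_WEXECUTE),
                                pool);
keeps the hunk readable.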
>
> Please let me know what you think. Should I direct this to the "dev"
> mailing list? Thanks.
>
> Best regards,
> Ivan Zahariev
Received on 2010-01-11 13:43:43 CET
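Added example, not from either message in this thread: Ivan's patch only changes the mode of ".svn" directories that Subversion creates from then on, so working copies already sitting under a document root keep whatever mode the umask gave them. This POSIX shell script applies the same o-rwx restriction to an existing tree and audits for any ".svn" directory that "others" can still enter; the function names are mine.

```shell
#!/bin/sh
# Retrofit the intent of the proposed adm_files.c change onto a working copy
# that already exists. Usage: harden_svn_dirs /path/to/working/copy

# Print the "others" permission triplet of one path (e.g. "r-x").
# ls -ld is used instead of stat so the same line works on GNU and BSD userlands.
others_perms() {
    ls -ld "$1" | cut -c8-10
}

# List every .svn directory under $1 that "others" can still read, write or
# enter. One path per line; empty output means the tree is clean.
list_exposed_svn_dirs() {
    find "$1" -type d -name .svn -print | while IFS= read -r d; do
        case "$(others_perms "$d")" in
            ---) ;;                         # no bits for others: fine
            *)   printf '%s\n' "$d" ;;      # still exposed
        esac
    done
}

# Strip all "others" bits from every .svn directory under $1, which is what
# APR_OS_DEFAULT & ~(APR_WREAD | APR_WWRITE | APR_WEXECUTE) does in the patch.
# Removing o+x on the directory alone already blocks traversal into
# .svn/text-base and .svn/entries, so the files inside are left untouched.
harden_svn_dirs() {
    find "$1" -type d -name .svn -exec chmod o-rwx {} +
}
```

Like the patch, this leaves the group bits alone, so a web server running in the developer's group can still read text-base; Samuel's RedirectMatch rule (or "svn export") is still needed in that setup.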

This is an archived mail posted to the Subversion Users mailing list.