[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Feature request: allow for relative working copy paths in svn:externals definition

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Fri, 2 Mar 2012 07:12:34 -0500

On Fri, Mar 2, 2012 at 6:13 AM, Humm, Markus <Markus.Humm_at_de.ebmpapst.com>wrote:

> Hello,
>
> thanks for your answer.
>
> While it is nice that you have concerns about my security in case I should
> have to deal with malicious servers,
> I would prefer to have a choice. Maybe some setting wich allows me, based
> on the server URL (or if that's too
> complicated for a start), to allow ../ in local externals paths or
> disallow this. With such a setting, SVN would
> seamlessly allow us to use our current directory layout while maintaining
> the benefits of atimic checkins.
>
> Excuse me, but given the layout requirements you seek, can you get away
with symlinks?

There are too many cases where non-root users have access to Subversion
repositories for repositories that get run by, and manipulated by, the root
user. The possibility of escalation attacks for *other* environments seems
very large.

> A colleague of mine who uses a similiar directory layout and currently
> uses CVS and would have to switch when our
> SVN rollout happens now claimed that CVS supports this way of working
> (directory structure). If I'm not mistaken
> SVN uses the claim "CVS done right". So it should support this, as this is
> a legitimate directory structure
> And imposes no security problems in secure environments (eg. Our campus
> LAN with out local SVN server I administer).
>

Then write your own patch to disable the checks. For general deployment, I
think it's begging for escalation attacks.

What do I need to do to get this feature? Where do I need to lobby for it?
>

I'm an old user, not a core developer, but this would seem to be a good
place for general discussion I can see the escalation attacks in a more
general environment, myself: I see too many places in environments where I
work that an *accidental* such use could cause endless havoc by
pre-populating a system directory, such as, say, /etc/nagios.
Received on 2012-03-02 13:13:11 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.