On 5/15/14, 1:15 AM, Terry Dooher wrote:
> That's so much clearer now and sounds like something I can definitely use.
> As I understand it, the downside is that the server will reveal path components
> and filenames within restricted areas during log operations?
Don't think you quite understand yet. If Subversion is revealing path
compontents/filenames within restricted areas during log then it can be
revealing file contents (by way of the REPORT method and bulk updates).
The short_circuit setting can only break security in this way if and only if
you have some other module than mod_authz_svn that looks at paths to determine
what access to provide. Many modules may have different configurations per
Location, but most don't look at the path like mod_authz_svn does and give
different answers within the same Location for the same request. In fact I'm
not aware of any such module that does this that comes with httpd, so you'd
have to install some 3rd party or custom module to run into this. Meaning for
the vast majority of users if they're using mod_authz_svn they should have
SVNPathAuthz set to short_circuit.
The off setting, should never be used with mod_authz_svn. It's probabbly
possible to configure things such that you only leak file paths, by disabling
bulk updates. But I'm not 100% sure that there isn't an edge case that
wouldn't be missed by that.
For the vast majority of users these rules are true:
Using mod_authz_svn with an AuthzSVNAccessFile set you want SVNPathAuthz set to
short_circuit.
Not using mod_authz_svn, no AuthzSVNAccessFile set, you want SVNPathAuthz set
to off.
The exception is if you use some weird authorization module like I explained above.
Received on 2014-05-16 21:37:15 CEST