> -----Original Message-----
> From: Stefan Sperling [mailto:stsp_at_elego.de]
> Sent: zondag 4 oktober 2015 22:01
> To: Branko Čibej <brane_at_apache.org>
> Cc: users_at_subversion.apache.org
> Subject: Re: Bug report: The auto-props setting of svn:mime-type is
> impossible to avoid.
>
> On Sun, Oct 04, 2015 at 09:16:04PM +0200, Branko Čibej wrote:
> > On the other hand, I am surprised that the logic that uses libmagic
> > isn't turned off with 'enable-auto-props=no'. After all, using libmagic
> > is just a convenient extension to the definitions in the [auto-props]
> > section.
>
> Recall that the idea was to make setting svn:mime-type convenient.
>
> Before we added this feature, people had to fiddle with their client
> config, know what MIME-types are about, what useful values to set
> them to, and keep their config consistent across all systems they
> used since libmagic support pre-dates the svn:autoprops feature.
> In a sane universe, almost nobody would ever bother setting it up that way.
>
> I am not opposed to the idea, though. But not because of the fairly
> minor configurability issues raised in this thread. Rather, because
> the more I learn about how libmagic actually works, the more potentially
> dangerous, from the security point of view, it seems to be.
> The libmagic parser could potentially cause security problems whenever
> people are adding untrusted files to SVN. Which is a good reason to make
> this feature opt-in.
I would support changing Subversion to -by default- disable this feature, unless it is enabled in the configuration (or some flag passed to 'svn add' in 1.10+).
I'm not sure if I would call it a security problem when a user adds a file of their choosing to Subversion though :-)
This whole discussion -in its many iterations- is one of the reasons why I never looked at enabling this feature on Windows.
Bert
Received on 2015-10-05 00:07:12 CEST