Vincent Lefevre wrote on Thu, 23 Jan 2020 15:50 +0100:
> On 2020-01-23 12:44:02 +0100, Joerg Wunsch wrote:
> > If the automounter already yields ENOENT for the ../.svn directory
> > probe, everything is not going to be a problem. I think the point here
> > is the automounter (eventually, after "thinking" about it for about 1
> > s) offers a successful stat() result for ../.svn (probably because
> > that directory *might be* a possible mount point for the automounter)
> > but then yields EIO when trying to access anything within that
> > fictitious directory (because nothing is actually mounted there).
>
> Do you mean that Subversion tries to go higher in the hierarchy
> without checking the owner of the directory? If it does, this is
> a security issue.
How so? What's the attacker model? What can someone leverage this
feature of Subversion to do that they couldn't do without it?
Received on 2020-01-23 19:41:05 CET