C. Michael Pilato wrote: > Peter Samuelson wrote: >> [Jon Foster] >>> All he has to do is change the svn:sync-from-url property on the >>> mirror repository to be a file:// URL to the source repository, >>> rather than a http:// one. The correct file:// URL is probably >>> guessable. >> I'd never thought of this as as security problem, but I _do_ think it's >> a suboptimal design where a svnsync setup stores state on the mirrored >> repository which is relative not to the mirror, but to whoever is >> running svnsync. >> >>> Please can we change "svnsync sync" to allow both the source and >>> target URLs to be specified? That rather simple measure would block >>> this attack. Since svnsync is usually invoked from a script, typing >>> the extra URL isn't a problem. >> Yes, this sounds like a good design anyway, aside from the security >> question. > > I'm coding right now along these lines.
By the way, I'm tracking this is issue #3637[1]. The proposed solution has been committed to trunk. [1] http://subversion.tigris.org/issues/show_bug.cgi?id=3637 -- C. Michael Pilato <cmpil...@collab.net> CollabNet <> www.collab.net <> Distributed Development On Demand
signature.asc
Description: OpenPGP digital signature
