Ivan Zhakov <i...@visualsvn.com> writes: >> If the victim has a world writeable location in the search path the attacker >> could replace any DSO. > > The attacker cannot replace any DSO, because current directory has > lower priority than other locations. So in typical scenarios user is > not vulnerable, because DSO is found in other location. > > So for security reason we should load DSO using absolute path at least > on Windows.
I'm not sure how to get the absolute path. Does anyone build on Windows with SVN_USE_DSO set? -- Cerified & Supported Apache Subversion Downloads: http://www.wandisco.com/subversion/download
