On Tue, 3 Mar 2026 at 18:53, Sean Palmer <[email protected]> wrote:
> Failure as early as possible and with as little I/O
> performed as possible would definitely be my preference,
> but even writing and then bailing with deletion would be
> acceptable for us, I expect.
>
> I agree that just how widely such a feature would be used
> is hard to say. If nobody has requested it yet in the 25
> years that Subversion has been available, that probably
> tells us something. But I see signs that the industry is
> ramping up security compliance efforts, so perhaps more
> attention will be paid in the future to this class of
> problem. See e.g. CWE-400.
>
> https://cwe.mitre.org/data/definitions/400.html
>
> --sbp
>
CWE-400 would certainly apply to the mod_dav_svn and svnserve servers, where we (can) have anonymous users accessing the server remotely. I'm not sure if HTTPD will protect us here (it won't help us for svnserve, but inetd might).

I'm not so sure if we SHOULD offer protection of that kind to the command line client. We can't reasonably set a default limit in the client (or we'd get loads of angry users having WCs larger than that limit). We could of course add a command line parameter, but most users wouldn't even use it.

To me this feels like a solution on the wrong abstraction level. If I'm managing a shared system, I'd limit resources on the OS level (using some kind of disk quota) to also protect from someone doing dd if=/dev/null of=/home/folder/trash.

Cheers,
Daniel

