Ph. Marek wrote:

Are there permission leaks that I need to consider? For example,
will regular users on the box be able to read the contents of files
that they wouldn't normally be able to read by getting to them via
the pristine copies under /var/spool/fsvs? (That may even be a
nonsensical question, but it was one of the things I wondered about
with using SVN on things like /etc/shadow.)

There are no pristine copies. There are filelists and manber-hashes
for files > 128kB (i.e. 2 32bit-CRCs and an MD5 per manber-block, which
is about 128kB).

Ah good. I hadn't delved too deeply into the WAA area yet. I don't see
any security issues there. The WAA directories are all drwxr-xr-x. The
only other leaked information would be the SVN URL. And I'm not sure
that qualifies. It does give an attacker some information about the SVN
server (username and destination) in the case where FSVS is talking to a
repository on another system.

I don't know whether that qualifies as a security problem ... But you
can always set the WAA as 0700.

I did try setting the WAA directory (/var/spool/fsvs) to 0700 at the
start (before running "fsvs init"), but after the init command, the
files and sub-directories were not 0700 but 0755. Probably a umask
issue on my part. I'll have to figure that one out when I set up the
next system.

4) "fsvs init" doesn't give any visual feedback to the user. Even
if I ran it twice on the same location. (The "poke it with a stick"
method to make it complain and give me some feedback?)

Init is the old command. The new command is "fsvs urls". Like most Unix
commands, it says nothing on success ... Maybe I should change that.

That makes sense. Now I'm not so sure you need to change that (I'll use
"-v" next time).
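
The permission behaviour discussed above, as an added example that is not part of the original thread and is not FSVS code: a directory's own mode is not inherited by entries created inside it later, which instead get their mode from the creating process's umask. The helper names and the temporary tree are made up for illustration, and nothing here touches a real /var/spool/fsvs.

```shell
#!/bin/sh
# Added illustration; all paths are constructed temporary directories.

# mode_of PATH: print the permission string of PATH (e.g. drwx------).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# make_tree PARENT UMASK: create PARENT as 0700, then create a
# subdirectory and a file under the given umask, the way a tool
# run afterwards would.
make_tree() {
    mkdir -p "$1" && chmod 0700 "$1"
    (
        umask "$2"
        mkdir "$1/sub"
        : > "$1/sub/filelist"
    )
}

# loose_entries DIR: list entries under DIR with any group/other bit set.
loose_entries() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# tighten DIR: strip group/other access from everything under DIR.
tighten() {
    chmod -R go-rwx "$1"
}

# Demo on a constructed temporary tree.
demo=$(mktemp -d)
make_tree "$demo/waa022" 022
make_tree "$demo/waa077" 077
echo "parent 0700, umask 022: sub is $(mode_of "$demo/waa022/sub")"
echo "parent 0700, umask 077: sub is $(mode_of "$demo/waa077/sub")"
echo "group/other-accessible entries under the umask 022 tree:"
loose_entries "$demo/waa022"
tighten "$demo/waa022"
echo "after tighten: $(loose_entries "$demo/waa022" | wc -l) loose entries"
rm -rf "$demo"
```

As long as the top directory itself stays 0700, other users cannot traverse into it, so 0755 entries below it are not reachable by path; running the tool under `umask 077` or tightening afterwards removes the dependence on that single directory's mode.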