[prev in list] [next in list] [prev in thread] [next in thread] 

List:       subversion-issues
Subject:    [Issue 2388] New - Repository could be modified without write access.
From:       oka@tigris.org
Date:       2005-08-26 16:18:02
Message-ID: 20050826161802.4905.qmail@tigris.org

http://subversion.tigris.org/issues/show_bug.cgi?id=2388
                 Issue #|2388
                 Summary|Repository could be modified without write access.
               Component|subversion
                 Version|1.2.x
                Platform|All
                     URL|
              OS/Version|All
                  Status|NEW
       Status whiteboard|
                Keywords|
              Resolution|
              Issue type|DEFECT
                Priority|P3
            Subcomponent|libsvn_ra_dav
             Assigned to|issues@subversion
             Reported by|oka






------- Additional comments from oka@tigris.org Fri Aug 26 09:18:02 -0700 2005 -------
Hello,

I found the following security issue with DAV repository access. Below is the
JavaSVN code:

import org.tmatesoft.svn.core.io.ISVNEditor;
import org.tmatesoft.svn.core.io.SVNRepository;
import org.tmatesoft.svn.core.io.SVNRepositoryFactory;

SVNRepository repos = SVNRepositoryFactory.createRepository(...); // DAV URL, read-only credentials
ISVNEditor editor = repos.getCommitEditor("message", null);       // log message, no workspace mediator
editor.openRoot(-1);  // open the root directory, no base revision check
editor.closeEdit();   // finish the commit without touching any path

In the above code no exception is thrown, and the repository revision goes up
after the commit. The user does not have write access to the repository, only RO
access. Adding an editor.addFile(...) call causes an auth exception to be thrown.

Tested with a Subversion 1.2.1 repository, but it is not reproducible with the
Subversion repository at svn.collab.net. Probably MKACTIVITY requires
authentication with some Apache servers/configurations and does not require it
with others.

My Apache configuration is:

        <Location /svn/repos>
                DAV svn
                SVNParentPath /var/svn/repos

                AuthzSVNAccessFile conf/svn-access

                Satisfy Any
                Require valid-user

                AuthType Basic
                AuthName "Subversion repository"
                AuthUserFile conf/svn-passwd
        </Location>

svn-access file:

[/]
* = r
user0 = rw
user1 = rw
user2 = rw

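A hardened variant of the <Location> block above, added here as an illustration; it is not part of the original report or of the Subversion project's documentation, and it assumes the same paths and file names the report uses. The change is to drop "Satisfy Any" (with no Allow/Deny rules it lets every request, MKACTIVITY and MERGE included, skip authentication entirely) and to scope "Require valid-user" to every method except the read-only ones, so the per-path rules in svn-access are no longer the only thing standing between an anonymous client and a new revision:

```apache
<Location /svn/repos>
        DAV svn
        SVNParentPath /var/svn/repos

        # Path-based rules still apply: "* = r" keeps anonymous reads working
        AuthzSVNAccessFile conf/svn-access

        AuthType Basic
        AuthName "Subversion repository"
        AuthUserFile conf/svn-passwd

        # No "Satisfy Any" here: the default (Satisfy All) means the Require
        # below is actually enforced instead of being satisfied by host access.
        # Read-only methods reach mod_authz_svn unauthenticated; every other
        # method (MKACTIVITY, CHECKOUT, PUT, MERGE, DELETE, MKCOL, COPY, MOVE,
        # PROPPATCH, LOCK, UNLOCK) must present a valid user first, so an empty
        # commit that touches no path gets a 401 instead of a new revision.
        <LimitExcept GET PROPFIND OPTIONS REPORT>
                Require valid-user
        </LimitExcept>
</Location>
```

After reloading httpd, an anonymous checkout should still succeed while an anonymous commit, empty or not, is rejected at the authentication layer before mod_authz_svn is consulted. This does not stop an authenticated rw user from producing an empty revision with the same JavaSVN sequence; that is expected behaviour for a user who holds write access.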
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@subversion.tigris.org
For additional commands, e-mail: issues-help@subversion.tigris.org
