[prev in list] [next in list] [prev in thread] [next in thread] 

List:       subversion-issues
Subject:    [Issue 4374] New - authz will deny recursive access if a rule exists for a path even if the path doe
From:       breser () tigris ! org
Date:       2013-06-14 14:55:11
Message-ID: iz4374 () subversion ! tigris ! org
[Download RAW message or body]

http://subversion.tigris.org/issues/show_bug.cgi?id=4374
                 Issue #|4374
                 Summary|authz will deny recursive access if a rule exists for 
                        |a path even if the path doesn't actually exist.
               Component|subversion
                 Version|all
                Platform|All
                     URL|
              OS/Version|All
                  Status|NEW
       Status whiteboard|
                Keywords|
              Resolution|
              Issue type|DEFECT
                Priority|P3
            Subcomponent|libsvn_repos
             Assigned to|issues@subversion
             Reported by|breser






------- Additional comments from breser@tigris.org Fri Jun 14 07:55:11 -0700 2013 \
------- Consider the following authz configuration:

[[[
[/foo/bar/baz]
* = 

[/]
* = rw
]]]

/foo/bar exists in the repo where bar is an empty directory.

If the user tries to do a:
svn cp ^/foo ^/x

They will get an error telling them access has been denied.  This is because \
svn_repos_authz_check_access()  when the required_access has svn_authz_recursive set \
walks the authz entries looking for any entries  starting the path passed to it.  But \
it does not bother to check that the path actually exists.

This means that authz is actually more strict than it needs to be.

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=463&dsMessageId=3058080

To unsubscribe from this discussion, e-mail: \
[issues-unsubscribe@subversion.tigris.org].


[prev in list] [next in list] [prev in thread] [next in thread]