Posted to dev@subversion.apache.org by Greg Hudson <gh...@MIT.EDU> on 2004/06/29 01:14:20 UTC

Re: Proposal: Support for versioning symlinks and other special files.

On Mon, 2004-06-28 at 20:37, Bruce Elrick wrote:
> Wouldn't standard OS permissions on the client take care of this?  The client process runs with no greater privileges than the 
> user running them, correct (the svn executable isn't setuid or setgid)?  If the user can run the mknod command, how is letting svn 
> do the same any different?

The idea here is to protect the user from the server, not to protect the
operating system from the user.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: Proposal: Support for versioning symlinks and other special files.

Posted by kf...@collab.net.
Greg Hudson <gh...@MIT.EDU> writes:
> On Mon, 2004-06-28 at 21:19, Steve Williams wrote:
> > > The idea here is to protect the user from the server, not to protect the
> > > operating system from the user.
> > 
> > Protect the user from themselves?  Now that would be a selling point. :)
> 
> I'm not sure how I'm failing to get through here.  The server operator
> is not the user of the client.

I think he might have been kidding (by taking the original
misunderstanding and running with it, without actually endorsing the
misunderstanding himself).

-K


Re: Proposal: Support for versioning symlinks and other special files.

Posted by Greg Hudson <gh...@MIT.EDU>.
On Mon, 2004-06-28 at 21:19, Steve Williams wrote:
> > The idea here is to protect the user from the server, not to protect the
> > operating system from the user.
> 
> Protect the user from themselves?  Now that would be a selling point. :)

I'm not sure how I'm failing to get through here.  The server operator
is not the user of the client.

If I type "svn co http://svn.collab.net/repos/svn/trunk", I expect it to
put some files on disk.  I don't expect the server operators to be able
to instruct my client to run arbitrary commands or to be able to create
device special files in my working area.  It would be a violation of
reasonable security expectations for Subversion to give the server too
much power by default.

(It so happens that what I'm checking out is a piece of software, which
I'm likely to try to compile and run, so the Collabnet people could have
just stuck their malicious code in the Makefile or whatever.  But
Subversion is not only used to version source code, and people don't run
every piece of code they check out.)



Re: Proposal: Support for versioning symlinks and other special files.

Posted by Steve Williams <st...@kromestudios.com>.
> The idea here is to protect the user from the server, not to protect the
> operating system from the user.

Protect the user from themselves?  Now that would be a selling point. :)

Sly
