You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Mark Phippard <Ma...@softlanding.com> on 2004/11/05 14:12:01 UTC
SVNPathAuthz and 1.1.1
I have seen it mentioned that you can add this setting to your Apache
config to restore the performance of svn log:
SVNPathAuthz Off
There is no mention of this in the book anywhere. What exactly does it
do?
I want the protection that authz provides for preventing writes to certain
folders. But I do not really care if someone can do an svn log or ls of
those folders. Is there some setting, possibly this one, that would allow
authz to still do the write protections but not do the new checking that
it does which hurts performance of svn log?
Thanks
Mark
_____________________________________________________________________________
Scanned for SoftLanding Systems, Inc. by IBM Email Security Management Services powered by MessageLabs.
_____________________________________________________________________________
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: SVNPathAuthz and 1.1.1
Posted by Mark Phippard <Ma...@softlanding.com>.
Ben Collins-Sussman <su...@collab.net> wrote on 11/05/2004 03:48:27 PM:
> >> 'SVNPathAuthz off' will completely disable all path-based authz
> >> checking. It prevents apache from doing GET subrequests to check the
> >> readability of specific repository paths.
> >
> > Thanks. What I do not get is why this is needed. Don't you have to
> > explicitly turn authz on anyway? What is the point of turning it on
> > and
> > off?
>
> mod_dav_svn has no idea if any authorization modules are loaded or not.
> So it's *always* doing GET subrequests on changed-paths, to verify
> whether a revision is wholly readable or not. Even if you have no
> authorization module loaded at all, the subrequests are still
> happening. Maybe they invoke an authorization module, maybe not.
>
> The effect of the security fixes is: mod_dav_svn does a lot more GET
> subrequests than it used to, especially on 'svn log' operations. It's
> a matter of authz correctness.
>
> So, even if you have no authorization module loaded at all, 'svn log'
> is now slower with the security fixes.
>
> The effect of "SVNPathAuthz off" is to disable GET subrequests
> completely, thus regaining speed, but abandoning all hope of authz.
OK, I just tried this and it seems to do what I want.
If I add this directive to my configuration file, people still cannot
browse, checkout or commit to the repository if I have them restricted in
mod_authz. But, for those that are authorized, the log command is now
blisteringly fast.
Am I missing something? Perhaps it is because I am only using
"repository-root" permissions?
Mark
_____________________________________________________________________________
Scanned for SoftLanding Systems, Inc. by IBM Email Security Management Services powered by MessageLabs.
_____________________________________________________________________________
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: SVNPathAuthz and 1.1.1
Posted by Mark Phippard <Ma...@softlanding.com>.
Ben Collins-Sussman <su...@collab.net> wrote on 11/05/2004 03:48:27 PM:
> On Nov 5, 2004, at 2:06 PM, Mark Phippard wrote:
>
> >>
> >> 'SVNPathAuthz off' will completely disable all path-based authz
> >> checking. It prevents apache from doing GET subrequests to check the
> >> readability of specific repository paths.
> >
> > Thanks. What I do not get is why this is needed. Don't you have to
> > explicitly turn authz on anyway? What is the point of turning it on
> > and
> > off?
>
> mod_dav_svn has no idea if any authorization modules are loaded or not.
> So it's *always* doing GET subrequests on changed-paths, to verify
> whether a revision is wholly readable or not. Even if you have no
> authorization module loaded at all, the subrequests are still
> happening. Maybe they invoke an authorization module, maybe not.
>
> The effect of the security fixes is: mod_dav_svn does a lot more GET
> subrequests than it used to, especially on 'svn log' operations. It's
> a matter of authz correctness.
>
> So, even if you have no authorization module loaded at all, 'svn log'
> is now slower with the security fixes.
>
> The effect of "SVNPathAuthz off" is to disable GET subrequests
> completely, thus regaining speed, but abandoning all hope of authz.
But wouldn't that mean that operations like svn co and svn ci would still
trigger the authz?
Mark
_____________________________________________________________________________
Scanned for SoftLanding Systems, Inc. by IBM Email Security Management Services powered by MessageLabs.
_____________________________________________________________________________
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: SVNPathAuthz and 1.1.1
Posted by Ben Collins-Sussman <su...@collab.net>.
On Nov 5, 2004, at 2:06 PM, Mark Phippard wrote:
>>
>> 'SVNPathAuthz off' will completely disable all path-based authz
>> checking. It prevents apache from doing GET subrequests to check the
>> readability of specific repository paths.
>
> Thanks. What I do not get is why this is needed. Don't you have to
> explicitly turn authz on anyway? What is the point of turning it on
> and
> off?
mod_dav_svn has no idea if any authorization modules are loaded or not.
So it's *always* doing GET subrequests on changed-paths, to verify
whether a revision is wholly readable or not. Even if you have no
authorization module loaded at all, the subrequests are still
happening. Maybe they invoke an authorization module, maybe not.
The effect of the security fixes is: mod_dav_svn does a lot more GET
subrequests than it used to, especially on 'svn log' operations. It's
a matter of authz correctness.
So, even if you have no authorization module loaded at all, 'svn log'
is now slower with the security fixes.
The effect of "SVNPathAuthz off" is to disable GET subrequests
completely, thus regaining speed, but abandoning all hope of authz.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: SVNPathAuthz and 1.1.1
Posted by Mark Phippard <Ma...@softlanding.com>.
Ben Collins-Sussman <su...@collab.net> wrote on 11/05/2004 02:55:57 PM:
> On Nov 5, 2004, at 8:12 AM, Mark Phippard wrote:
>
> > I have seen it mentioned that you can add this setting to your Apache
> > config to restore the performance of svn log:
> >
> > SVNPathAuthz Off
> >
> > There is no mention of this in the book anywhere. What exactly does
it
> > do?
>
> Sorry, I haven't documented it yet. It's broken in 1.1.0, fixed in
> 1.1.1
>
> 'SVNPathAuthz off' will completely disable all path-based authz
> checking. It prevents apache from doing GET subrequests to check the
> readability of specific repository paths.
Thanks. What I do not get is why this is needed. Don't you have to
explicitly turn authz on anyway? What is the point of turning it on and
off?
In other words, I assume that authz doesn't do anything unless I have the
AuthzSVNAccessFile directive specified. So why wouldn't I just remove
this directive if I didn't want the functionality?
Mark
_____________________________________________________________________________
Scanned for SoftLanding Systems, Inc. by IBM Email Security Management Services powered by MessageLabs.
_____________________________________________________________________________
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: SVNPathAuthz and 1.1.1
Posted by Ben Collins-Sussman <su...@collab.net>.
On Nov 5, 2004, at 8:12 AM, Mark Phippard wrote:
> I have seen it mentioned that you can add this setting to your Apache
> config to restore the performance of svn log:
>
> SVNPathAuthz Off
>
> There is no mention of this in the book anywhere. What exactly does it
> do?
Sorry, I haven't documented it yet. It's broken in 1.1.0, fixed in
1.1.1
'SVNPathAuthz off' will completely disable all path-based authz
checking. It prevents apache from doing GET subrequests to check the
readability of specific repository paths.
>
> I want the protection that authz provides for preventing writes to
> certain
> folders. But I do not really care if someone can do an svn log or ls
> of
> those folders. Is there some setting, possibly this one, that would
> allow
> authz to still do the write protections but not do the new checking
> that
> it does which hurts performance of svn log?
>
There's no setting that does the "old" style of path-based authz, since
it's inherently leaky.
If you just want to limit *write* access to paths, and still be
super-quick, then perhaps you should abandon mod_authz_svn altogether
and use a pre-commit hook script like svnperms.py.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org