You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Manuel VACELET <ma...@st.com> on 2005/03/02 13:45:45 UTC
.subversion default rights
Hi all,
I use subversion (client) 1.0.6 under both Solaris (8) and Linux build
from sources.
Default .subversion directory created by first svn call is bad protected
(probaly using default umask) instead of setting 'chmod 0600'. This
directory that can contains sensible datas (passwords in servers file)
so it have to be well protected by default.
I don't know if such problem is still relevant (I didn't found any
maching bug in your BTS).
Hope it helps,
Regards
Manuel
--
# VACELET Manuel manuel.vacelet-abecedaire(at)st(dot)com #
# STMicroelectronics - HPC/STS #
# 850, rue Jean Monet - 38926 CROLLES CEDEX - FRANCE #
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: .subversion default rights
Posted by David Ripton <dr...@ripton.net>.
On 2005.03.02 08:01:36 +0000, Ben Collins-Sussman wrote:
>
> On Mar 2, 2005, at 7:45 AM, Manuel VACELET wrote:
> >
> >Default .subversion directory created by first svn call is bad
> >protected (probaly using default umask) instead of setting 'chmod
> >0600'. This directory that can contains sensible datas (passwords in
> >servers file) so it have to be well protected by default.
> >
>
> Look again: ~/.subversion/auth/ is chmod 0700. That's where the
> sensitive data lies.
~/.subversion/servers has http-proxy-password and
ssl-client-cert-password fields.
--
David Ripton dripton@ripton.net
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: .subversion default rights
Posted by Manuel VACELET <ma...@st.com>.
Ben Collins-Sussman wrote:
>
> On Mar 2, 2005, at 8:30 AM, Manuel VACELET wrote:
>
>> Ben Collins-Sussman wrote:
>>
>>> On Mar 2, 2005, at 7:45 AM, Manuel VACELET wrote:
>>>
>>>>
>>>> Default .subversion directory created by first svn call is bad
>>>> protected (probaly using default umask) instead of setting 'chmod
>>>> 0600'. This directory that can contains sensible datas (passwords in
>>>> servers file) so it have to be well protected by default.
>>>>
>>> Look again: ~/.subversion/auth/ is chmod 0700. That's where the
>>> sensitive data lies.
>>
>>
>> Yes but ~/.subversion/servers file can contains sensitive data too
>> (E.g. proxy password).
>>
>
> Aha... you're right. Can you repost this to dev@subversion.tigris.org
> ? Maybe we can file an issue on this, or just make a quick code-fix.
Ok, done.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: .subversion default rights
Posted by Ben Collins-Sussman <su...@collab.net>.
On Mar 2, 2005, at 8:30 AM, Manuel VACELET wrote:
> Ben Collins-Sussman wrote:
>> On Mar 2, 2005, at 7:45 AM, Manuel VACELET wrote:
>>>
>>> Default .subversion directory created by first svn call is bad
>>> protected (probaly using default umask) instead of setting 'chmod
>>> 0600'. This directory that can contains sensible datas (passwords in
>>> servers file) so it have to be well protected by default.
>>>
>> Look again: ~/.subversion/auth/ is chmod 0700. That's where the
>> sensitive data lies.
>
> Yes but ~/.subversion/servers file can contains sensitive data too
> (E.g. proxy password).
>
Aha... you're right. Can you repost this to dev@subversion.tigris.org
? Maybe we can file an issue on this, or just make a quick code-fix.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: .subversion default rights
Posted by Manuel VACELET <ma...@st.com>.
Ben Collins-Sussman wrote:
>
> On Mar 2, 2005, at 7:45 AM, Manuel VACELET wrote:
>
>>
>> Default .subversion directory created by first svn call is bad
>> protected (probaly using default umask) instead of setting 'chmod
>> 0600'. This directory that can contains sensible datas (passwords in
>> servers file) so it have to be well protected by default.
>>
>
> Look again: ~/.subversion/auth/ is chmod 0700. That's where the
> sensitive data lies.
Yes but ~/.subversion/servers file can contains sensitive data too (E.g.
proxy password).
--
Manuel
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: .subversion default rights
Posted by Ben Collins-Sussman <su...@collab.net>.
On Mar 2, 2005, at 7:45 AM, Manuel VACELET wrote:
>
> Default .subversion directory created by first svn call is bad
> protected (probaly using default umask) instead of setting 'chmod
> 0600'. This directory that can contains sensible datas (passwords in
> servers file) so it have to be well protected by default.
>
Look again: ~/.subversion/auth/ is chmod 0700. That's where the
sensitive data lies.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org