RE: Re[4]: Very big problems with access rights (authz file using) in SVN v1.7.0

Wed, 19 Oct 2011 02:07:51 -0700 

> -----Original Message-----
> From: Johan Corveleyn [mailto:jcor...@gmail.com]
> Sent: woensdag 19 oktober 2011 9:26
> To: Bert Huijben
> Cc: Andrey; Stefan Sperling; users@subversion.apache.org
> Subject: Re: Re[4]: Very big problems with access rights (authz file
using) in
> SVN v1.7.0
> 
> On Wed, Oct 19, 2011 at 12:45 AM, Bert Huijben <b...@qqmail.nl> wrote:
> >
> >
> >> -----Original Message-----
> >> From: Johan Corveleyn [mailto:jcor...@gmail.com]
> >> Sent: woensdag 19 oktober 2011 0:32
> >> To: Bert Huijben
> >> Cc: Andrey; Stefan Sperling; users@subversion.apache.org
> >> Subject: Re: Re[4]: Very big problems with access rights (authz file
> > using) in
> >> SVN v1.7.0
> >>
> >> On Wed, Oct 19, 2011 at 12:17 AM, Bert Huijben <b...@qqmail.nl> wrote:
> >> >> -----Original Message-----
> >> >> From: Bert Huijben [mailto:b...@qqmail.nl]
> >> >> Sent: dinsdag 18 oktober 2011 19:43
> >> >> To: 'Andrey'; 'Johan Corveleyn'
> >> >> Cc: 'Stefan Sperling'; users@subversion.apache.org
> >> >> Subject: RE: Re[4]: Very big problems with access rights (authz file
> >> > using) in
> >> >> SVN v1.7.0
> >> >
> >> >> Ok, with that information I reproduced this problem in the
Subversion
> >> test
> >> >> suite on upgrading a working copy with server excluded (or 'absent')
> >> > nodes.
> >> >> After the upgrade updates fail.
> >> >>
> >> >> I will look into fixing this problem tomorrow. (If somebody else
wants
> > to
> >> >> look first, please let me know ;-)
> >> >
> >> > The problem is fixed on trunk and I nominated it for backport.
> >> >
> >> > Please ping your favorite committer to make him review the patch for
> >> > inclusion in 1.7.1 ;)
> >> >
> >> > All upgrades of working copies that contains information on
> > subdirectories
> >> > where the user doesn't have access to, have this same problem. I
think
> > the
> >> > only real way to resolve this issue on a working copy is checking out
> > again.
> >>
> >> Would 'svn up -r0 path/to/restrictedDir' on an
> >> already-upgraded-but-broken-wc also be able to repair it?
> >
> > No, this won't work.
> >
> > This trick relies on receiving the update from the current state to r0
from
> > the server, but you don't have the authorization to get this update from
> the
> > server.
> 
> And 'svn up -r0 path/to/parentOfRestrictedDir'?

This has the same effect as a normal update op parentOfRestricted dir. So
you probably receive a tree conflict (restricted dir is not unmodified)
*and* the failed update (security problem).

        Bert

Reply via email to