Vincent Lefevre wrote on Thu, 23 Jan 2020 15:50 +0100:
> On 2020-01-23 12:44:02 +0100, Joerg Wunsch wrote:
> > If the automounter already yields ENOENT for the ../.svn directory
> > probe, everything is not going to be a problem. I think the point here
> > is the automounter (eventually, after "thinking" about it for about 1
> > s) offers a successful stat() result for ../.svn (probably because
> > that directory *might be* a possible mount point for the automounter)
> > but then yields EIO when trying to access anything within that
> > fictitious directory (because nothing is actually mounted there).
>
> Do you mean that Subversion tries to go higher in the hierarchy
> without checking the owner of the directory? If it does, this is
> a security issue.

How so? What's the attacker model? What can someone leverage this feature of Subversion to do that they couldn't do without it?