Uploaded image for project: 'Subversion'
  1. Subversion
  2. SVN-4374

authz will deny recursive access if a rule exists for a path even if the path doesn't actually exist.

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: all
    • Fix Version/s: ---
    • Component/s: libsvn_repos
    • Labels:
      None

      Description

      Consider the following authz configuration:
      
      [[[
      [/foo/bar/baz]
      * = 
      
      [/]
      * = rw
      ]]]
      
      /foo/bar exists in the repo where bar is an empty directory.
      
      If the user tries to do a:
      svn cp ^/foo ^/x
      
      They will get an error telling them access has been denied.  This is because svn_repos_authz_check_access() 
      when the required_access has svn_authz_recursive set walks the authz entries looking for any entries 
      starting the path passed to it.  But it does not bother to check that the path actually exists.
      
      This means that authz is actually more strict than it needs to be.
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              breser Ben Reser
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated: