subversion-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Branko Čibej <br...@wandisco.com>
Subject Re: The patch-exec branch
Date Sat, 01 Aug 2015 07:43:25 GMT
On 01.08.2015 09:24, Greg Stein wrote:
> On Fri, Jul 31, 2015 at 6:36 PM, Daniel Shahaf <d.s@daniel.shahaf.name
> <mailto:d.s@daniel.shahaf.name>> wrote:
> >...
>
>     Two questions:
>
>     - When one side of the diff is in the OS filesystem, do we still fold
>       its value to 644/755 for output?
>
>     - If yes, how do we choose between 644 and 755?  (e.g., do we use
>       "x & 0111 == 0111", or "x & 0100 == 0100", or access(X_OK), or …)
>
>     My answer to the first question is "yes", as discussed above.
>
>
> Whatever the answer, I don't think the client should _ever_ set
> group/world *write* [directed by the "server"]. Maybe not execute,
> too. That just screams for creating a point of abuse. (maybe umask
> applies, but I'd prefer to ignore that; we're getting perm bits from
> (potentially) an untrusted server)

We have io_set_file_perms in libsvn_subr/io.c which we should be using
here. Currently it tries to set all executable bits (user, group and
world) but only the user-write bit for readonly/writable transitions. I
don't recall offhand if apr_file_perms_set filters by umask or not.

And FWIW, we should ignore the read-write perms from Git diffs and only
(try to) tweak the executable bit. Having a read-only versioned file in
our working copy that doesn't also have the svn:needs-lock property will
likely cause all sorts of problems.

-- Brane


Mime
View raw message