subversion-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Sperling <>
Subject Re: Proposal: new fsfs.conf properties
Date Tue, 11 Jul 2017 20:50:37 GMT
On Tue, Jul 11, 2017 at 09:11:58PM +0200, Branko ─îibej wrote:
> Another issue I have with the proposal is the idea to use file suffixes.
> That's usually the wrong way to go about things (case in point: Windows
> does it, with didastrous results). It's much better to determine file
> format by inspection, such as, e.g., libmagic does. We already have
> optional support for libmagic in the client (to set svn:mime-type).

I would not feel comfortable having the server parse arbitrary data with
libmagic. The libmagic code is not very safe to run on untrusted input.
I have seen libmagic crash my svn client on several occasions even on
text files I wrote.

At the client side it's a bit less dangerous because users have already
told svn to add the files in question to version control, and a libmagic
exploit running on the client machine can do less harm than a server-side one.

Granted, commits are usually authenticated. If we did this we should at
least make really sure that no unauthenticated access can trigger this code.
Ideally, it would be sandboxed somehow if we started using it on the server.

View raw message