Edgewall Software
Modify

Opened 17 years ago

Closed 13 years ago

Last modified 11 years ago

#7343 closed defect (fixed)

Changeset module requires read permission to '/'

Reported by: anonymous Owned by: Christian Boos
Priority: normal Milestone: 0.12.3
Component: version control/changeset view Version: 0.10.4
Severity: critical Keywords: svnauthz, authzsourcepolicy
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:

Description

User can not see his own changeset contents if he does not have read permission to root directory of SVN repo (when using authz file).

Exists in 0.10.4 and 0.10-stable

Attachments (0)

Change History (13)

comment:1 by Piotr Kuczynski <piotr.kuczynski@…>, 17 years ago

Keywords: svn authz added
Milestone: 0.10.6

comment:2 by anonymous, 16 years ago

Milestone: 0.10.6
Severity: majorcritical
Version: 0.10-stable0.11

Same behavior in newly released 0.11. You have to have read access to SVN / to see any changeset, even your own.

comment:3 by Remy Blank, 16 years ago

Keywords: needinfo added

Is this a defect or by design? If we take the analogy of a filesystem, if I don't have read permission to /, I can't access any other resources on that filesystem. Sounds reasonable to me.

This is assuming that by "read permission to root directory of SVN repo", you mean the permissions set-up in the authz file, not filesystem permissions.

Could you please give some precisions on your setup (especially regarding permissions)?

comment:4 by anonymous, 16 years ago

I'm talking about permissions set by authz file, sorry if it is not clear from my initial post.

if I don't have read permission to /, I can't access any other resources on that filesystem. Sounds reasonable to me.

SVN has different semantics. Otherwise it would be useless in commercial organizations. You can give a user permission to access a particular directory, no need for everybody in company to have access to whole repository recursively from root.

say you have SVN structure like this:

/
/component1/
/component2/

and authz file like this:

[repo:/]
* = 
[repo:/component1/]
auser = rw
....

Then in trac if auser goes to /browser - he will get permission error - this is ok (but still may be handled better). If he goes to /browser/component1/ - he will see his sources - ok. But if he wants to diff two revisions in /component1/ - he will get permissions error. Same error happens if he navigates a changeset (containing only changes to /component1/) link from timeline.

The problem is that diff module works on behalf of user and starts recursively from svn root.

comment:5 by Remy Blank, 16 years ago

Keywords: needinfo removed
Milestone: 1.0

Ok, I understand what you want to achieve. Does Subversion have these semantics? That is, if you set up SVN with the authz file above, can auser check out /component1?

I'm not too familiar with authz permission settings, so I'll leave this ticket to somebody else.

in reply to:  5 comment:6 by anonymous, 16 years ago

Replying to rblank:

Ok, I understand what you want to achieve. Does Subversion have these semantics?

yes, it does.

That is, if you set up SVN with the authz file above, can auser check out /component1?

yep

I'm not too familiar with authz permission settings, so I'll leave this ticket to somebody else.

comment:7 by descent, 16 years ago

I would also really appreciate fixing this bug. I have a whole huge repo in my organisation, and want my team, whose project uses Trac, to only see this project and nothing else. They do not have read permissions to the root, and they won't. And because of that they cannot use changesets.

Btw there is another security issue in changesets (timeline part): if they cannot read the directory, they still can see all the changes from it in the log. I hacked Postgres DB to make this work (not to change the Trac code).

comment:8 by Christian Boos, 15 years ago

Keywords: svnauthz added; svn authz removed
Milestone: 1.00.12.1

comment:9 by anonymous, 15 years ago

A reason why read permission on / is sometimes not acceptable in subversion: if some UserA has / read permission but no read permission to a subdir projectInvisibleToUserA UserA can branch / to a subdir dir which is writeable for him and thus import all / subdirs. At least with subversion and path based authorization.

comment:10 by Christian Boos, 13 years ago

Milestone: next-minor-0.12.x0.12.3

I believe the patch added in #9976 also fixes this issue.

comment:11 by Stefan, 13 years ago

Version: 0.110.10.4

According to the comments, this had been an issue since 0.10.4 at least.

comment:12 by Christian Boos, 13 years ago

Resolution: fixed
Status: newclosed

Should be fixed by r10907.

Please reopen if this is not the case.

comment:13 by Ryan J Ollos, 11 years ago

Keywords: authzsourcepolicy added

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Christian Boos.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Christian Boos to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.