Control: merge 1016889 1022711 Control: severity 1016889 important On Mon, Oct 24, 2022 at 02:48:17PM +0200, Vincent Lefevre wrote: > Control: retitle -1 svn tries to read a directory on a different filesystem > and hangs > Control: severity -1 grave > Control: tags -1 security > > On 2022-10-24 14:21:53 +0200, Vincent Lefevre wrote: > > I have a file called "svn-md5". When I want to open this file with > > emacs (including "emacs -Q"), emacs runs > > > > svn --non-interactive status -v svn-md5 > > > > (I don't know why), but "svn --non-interactive status -v svn-md5" > > hangs, so that I can't read the file. > > Reproducible with just a "svn info". The reason is that svn tries > to read "/home/.svn", which belongs to another filesystem and > possibly to another user.
This looks like the same root case as #1016889. Svn has to find the single .svn directory that versions the given directory. It walks up the filesystem to do this, just like git, but seems to have looser checks on which directories may be valid, which leads to issues like you report and the one in #1016889. > In addition to the hang, which affects > other applications like emacs, this is potentially a security issue. > svn should stop going up in the hierarchy once the mount point (or > home directory?) has been reached, or at least once the owner of the > directory changes. Why? There's nothing that says a working directory can't have subdirectories owned by different users. Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
