Hello,

(firstly I apologise for mailing to both lists simultaneously but this
concerns both products)

One of our developers accidentally stumbled upon an effective way to DoS the
whole server by unknowingly trying to access parts of an SVN repo he was not
authorized for. The svnserve daemon spawned a child which replied with
"authorization error", but the developer's client (TortoiseSVN) just created
a new connection and tried again, in a loop. For an unknown reason, it also did
not close the previous connection, and this resulted in the creation of several
thousand svnserve processes and a server crash due to exhausted RAM.

SVN server was running in standalone mode, version 1.7.1.
Client has TortoiseSVN version 1.7.0.

I have two questions:

1.) is this a known server issue and is there a way to limit the number of
processes svnserve creates in standalone mode? (we've switched to xinetd
currently to prevent DoS)

2.) is this a known client issue?


Best regards,
b.
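
The xinetd workaround mentioned in question 1, sketched as an added example that is not part of the original message: an xinetd service entry that caps how many svnserve processes can exist at once and how many a single client address can hold open. The file location, repository root, service account, binary path and the numeric limits are assumptions to adjust for the actual host.

```conf
# /etc/xinetd.d/svn  (assumed location; example values, not from the original post)
# Runs svnserve in inetd mode under xinetd so that process creation is bounded.
service svn
{
    disable         = no
    # "svn" resolves to 3690/tcp through /etc/services
    socket_type     = stream
    protocol        = tcp
    wait            = no
    # Assumed unprivileged account that owns the repositories
    user            = svn
    server          = /usr/bin/svnserve
    # -i: inetd mode (talk on stdin/stdout), -r: assumed repository root
    server_args     = -i -r /srv/svn

    # Hard ceiling on simultaneous svnserve processes for this service.
    # Size it so that (instances x per-process memory) fits in RAM.
    instances       = 50

    # Ceiling per client IP address. A client that keeps opening new
    # connections without closing the old ones is refused once it holds
    # this many, instead of consuming the whole instances budget.
    per_source      = 5

    # Accept at most 25 new connections per second; if exceeded,
    # stop accepting for 30 seconds before resuming.
    cps             = 25 30

    # Record the peer address of refused or failed connections so a
    # looping client can be identified from the xinetd log.
    log_on_failure  += HOST
}
```

With `per_source` set below `instances`, one misbehaving client exhausts only its own quota and other users can still connect.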
