Short answer: SVN is master here.  All that whimsy is doing is
providing URL links to the ICLA in SVN.  If Whimsy shows the link to a
person who is not authorized, that person can click on the link, but
svn will reject access.

Example links for you to try:

https://svn.apache.org/repos/private/documents/iclas/sam-ruby.pdf
https://svn.apache.org/repos/private/documents/iclas/shane-curcuru.pdf

- Sam Ruby

On Tue, Mar 8, 2022 at 7:32 AM Shane Curcuru <a...@shanecurcuru.org> wrote:
>
> Sebb (Jira) wrote on 3/8/22 7:10 AM:
> ...
>  > Sebb commented on WHIMSY-383:
>  > -----------------------------
>  >
>  > Infra will need to update the SVN auth (pit-auth) as well.
>  > Whimsy cannot grant access that it does not have.
> ...
>
> Is there any way this change - either in whimsy or by infra - could
> result in other security issues?  Sam's if statement seems OK, and
> Secretary can already see ICLAs, but I'm wondering why/how infra would
> need to change the svn auth as well.
>
> Question: how is a user authorized in each step of this case?
>
> - User navigates to /roster/curcuru (or various other pages)
> - httpd auths the user via LDAP (pretty simple & secure)
> - roster app loads, and might use our model to also auth specific roles
> (or _self_) of the user gotten from httpd to choose code paths to go down
> - roster app tries to display my data, which means it goes into various
> parts of the model(s) to possibly auth me again (in ruby) for specific
> data from the model (like here; secretary + root bypass some things)
> - roster app gets here, decides I'm OK, and then ALSO goes and reads my
> icla file or membership file from svn
> -- When it reads from svn, what user is it acting as?
> - Anything else?
>
> I worry about two things:
> - Code bugs in Whimsy, where our code grants the wrong people access
> - Subtle bugs in Whimsy that could allow our applications access to
> sensitive files because our tools have whimsysvn or whatever access to
> SVN or other sources
>
> --
> - Shane
>    Apache Whimsy PMC
>    The Apache Software Foundation
>
> --
> - Shane
>    Member
>    The Apache Software Foundation
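The two access patterns the thread contrasts (Whimsy handing out a link that SVN enforces, versus Whimsy reading the file itself), as an added Ruby example that is not Whimsy's own code; the group names, the whimsysvn service account and the authz table are constructed assumptions.

```ruby
# Added example, not Whimsy's own code: a toy model of the two authorization
# layers discussed in the thread. Group/user names, the 'whimsysvn' service
# account and the authz table below are constructed assumptions.

# Constructed SVN authz in the spirit of pit-auth: path prefix -> allowed groups.
SVN_GROUPS = { "secretary" => %w[rubys], "svc" => %w[whimsysvn] }.freeze
SVN_AUTHZ  = { "/repos/private/documents/iclas/" => %w[secretary svc] }.freeze

# Simulated SVN server. It knows nothing about Whimsy's decision; only the
# identity that actually performs the read matters.
class Svn
  def initialize(authz, groups)
    @authz, @groups = authz, groups
  end

  def read(acting_user, path)
    allowed = @authz.any? do |prefix, grps|
      path.start_with?(prefix) && grps.any? { |g| @groups.fetch(g, []).include?(acting_user) }
    end
    allowed ? "ICLA-PDF(#{path})" : :forbidden # :forbidden models SVN rejecting the request
  end
end

# Whimsy-side decision (assumed shape): secretary, root, or the person whose ICLA it is.
def app_allows?(viewer, roles, owner)
  roles.include?("secretary") || roles.include?("root") || viewer == owner
end

# Pattern 1, Sam's point: Whimsy only emits a link and the browser fetches it
# from SVN as the logged-in user, so SVN remains the master. A wrong app
# decision yields :forbidden rather than a leak, and a correct app decision
# still fails unless the SVN authz (pit-auth) grants the same access.
def via_link(svn, viewer, roles, owner, path, check: method(:app_allows?))
  return :no_link unless check.call(viewer, roles, owner)
  svn.read(viewer, path)
end

# Pattern 2, Shane's worry: Whimsy reads the file with its own service account
# and relays the bytes. The app check is now the only gate, so a code bug in
# that check hands out a file the viewer could never read from SVN directly.
def via_service_account(svn, viewer, roles, owner, path, check: method(:app_allows?))
  return :no_link unless check.call(viewer, roles, owner)
  svn.read("whimsysvn", path)
end
```

The self-access case shows why the Jira comment asks infra to update pit-auth too: with the link pattern, Whimsy allowing a person to see their own ICLA changes nothing until SVN allows it as well.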
