On Fri, 2010-07-09 at 12:45 -0400, Stefan Sperling wrote:
> It's the older Windows systems that will still have problems,
> and I don't think we should be ignoring them (as much as I'd love
> it if everyone just ditched Windows for good).
Is this really a concern on Windows systems? This is basic
On Fri, Jul 09, 2010 at 11:40:59AM -0500, Peter Samuelson wrote:
>
> [Stefan Sperling]
> > "Before the SO_EXCLUSIVEADDRUSE socket option was introduced, there was
> > very little a network application developer could do to prevent a
> > malicious program from binding to the port on which the netwo
[Stefan Sperling]
> "Before the SO_EXCLUSIVEADDRUSE socket option was introduced, there was
> very little a network application developer could do to prevent a
> malicious program from binding to the port on which the network
> application had its own sockets bound."
>
> So not using SO_EXCLUSIVE
On Fri, Jul 09, 2010 at 12:05:47PM -0400, Greg Hudson wrote:
> On Fri, 2010-07-09 at 11:44 -0400, Stefan Sperling wrote:
> > As far as I can tell there is little we can do to secure svnserve
> > against this attack on Windows systems other than Server 2003,
> > because APR won't let us set the SO_E
[Greg Hudson]
> That's okay, we don't want the SO_EXCLUSIVEADDR behavior. We want the
> default behavior under Windows, which corresponds to the SO_REUSEADDR
> behavior under Unix.
Well, the attack Stefan is referring to is if a third-party app (aka
virus) tries to bind with SO_REUSEADDR. Prior
On Fri, 2010-07-09 at 11:44 -0400, Stefan Sperling wrote:
> As far as I can tell there is little we can do to secure svnserve
> against this attack on Windows systems other than Server 2003,
> because APR won't let us set the SO_EXCLUSIVEADDR option.
That's okay, we don't want the SO_EXCLUSIVEADDR
On Fri, Jul 09, 2010 at 09:36:05AM -0500, Peter Samuelson wrote:
>
> [Stefan Sperling]
> > This doesn't make any sense.
> > I don't understand how an OS can allow a user process to break
> > a system service simply by binding a socket to the same port.
>
> And yet ... http://msdn.microsoft.com/en
[Stefan Sperling]
> This doesn't make any sense.
> I don't understand how an OS can allow a user process to break
> a system service simply by binding a socket to the same port.
And yet ... http://msdn.microsoft.com/en-us/library/ms740621%28VS.85%29.aspx
Once the second socket has successful
On Fri, Jul 09, 2010 at 06:25:20AM +, Lorenz wrote:
> just checked, and no there is no error message.
> Instead the newly started server blocks / hides the allready running
> one.
> In my case I have one server running as a windows service, serving a
> repo from a folder on my C: drive.
> If I
Stefan Sperling wrote:
>LAMBERT DAVID LD wrote:
>> On Windows Server 2003 R2, when svnserve is launched from the command
>> line prompt, and a svnserve is already running, the command keep running
>> indefinitly.
>>
>> It should instead stop and display an error message saying it's already
>> runn
serve fail to detect it is already running
On Thu, Jul 08, 2010 at 04:21:33PM +0200, LAMBERT DAVID LD wrote:
> Hi,
>
>
>
> I'd like to submit the following bug about SVN server :
>
> On Windows Server 2003 R2, when svnserve is launched from the command
> line prompt,
On Thu, Jul 08, 2010 at 04:21:33PM +0200, LAMBERT DAVID LD wrote:
> Hi,
>
>
>
> I'd like to submit the following bug about SVN server :
>
> On Windows Server 2003 R2, when svnserve is launched from the command
> line prompt, and a svnserve is already running, the command keep running
> indefin
Hi,
I'd like to submit the following bug about SVN server :
On Windows Server 2003 R2, when svnserve is launched from the command
line prompt, and a svnserve is already running, the command keep running
indefinitly.
It should instead stop and display an error message saying it's already
runni
13 matches
Mail list logo
