hook security (was: Re: How to exclude files from merging)
Peter Arrenbrecht
peter.arrenbrecht at gmail.com
Thu Nov 13 02:29:10 CST 2008
On Thu, Nov 13, 2008 at 8:02 AM, Peter Arrenbrecht
<peter.arrenbrecht at gmail.com> wrote:
> On Wed, Nov 12, 2008 at 11:15 PM, Matt Mackall <mpm at selenic.com> wrote:
>> On Wed, 2008-11-12 at 16:24 -0500, Doug Philips wrote:
>>> On or about Wednesday, November 12, 2008, at 03:12PM, Matt Mackall indited:
>>> >The philosophical issue is: we can't trust other users. Config files can
>>> >say things like "run 'rm -rf /' whenever you do an hg status". Thus,
>>> >it's not a good idea to put this under control of other users. Ever.
>>> >
>>> >Any technology that doesn't address this very fundamental security issue
>>> >is indeed, as you say, moot. And I'm not very apologetic about it.
>>>
>>> Concrete example:
>>
>> Yes, we know all about that. In case it hasn't been mentioned yet,
>> you're now about a quarter of the way through rehashing the last
>> discussion on this topic. See here:
>>
>> http://mercurial.markmail.org/search/?q=clone+hgrc+date%3A200801
>>
>> That one had some interesting ideas, but didn't quite find a
>> satisfactory solution before running out of steam.
>
> While you didn't like it at the time, maybe the .hg/hgrc.d/* approach
> could help here in a safe way. Akin to Doug's `hg config` command,
> after cloning he could simply do a:
>
> ln -st .hg/ /central/hgrc.d
>
> or, in case he wants to keep hgrc.d free for linking in other stuff:
>
> mkdir .hg/hgrc.d
> ln -st .hg/hgrc.d/ /central/hgrc.d/thefile.hgrc
>
> Since these are symlinks, it would allow him to refer the central
> configs to someting pulled from a trusted repo, but it would be his
> conscious decision every time to do so.
>
> Maybe we can include this after all? It would be a totally trivial
> change, mimicking what Hg already does in /etc/hgrc.d/.
>
> Past discussion: http://mercurial.markmail.org/search/?q=hgrc.d+look+at
> Original patch: http://markmail.org/message/y5zedvjd6eadprii
Here's another interesting approach that was recently brought to my attention:
http://www.bitbucket.org/brodie/reposettings/src/tip/reposettings.py
If you keep your related repos (those needing similar hooks) in a
dedicated dir, then you could add a single [hook
/path/to/dedicated/dir] section to your .hgrc.
This is an extension, so it should be easy to pick up.
-parren
More information about the Mercurial
mailing list