[issue1450] security: hg extracts files within .hg dirs from repo into working copy
Peter Arrenbrecht
mercurial-bugs at selenic.com
Tue Dec 30 11:11:58 CST 2008
New submission from Peter Arrenbrecht <peter.arrenbrecht at gmail.com>:
If someone hacks his copy of Mercurial to allow him to commit a file like, for
example, a/.hg/hgrc, then a target's copy of Mercurial will happily apply the
file to the target's working copy. If the target then does `cd a; hg log .`, the
attacker could likely cause much grief.
Bundle with such path attached.
To write a test, I guess we would have to either create a flag to deactivate the
path auditor temporarily, or add such a bundle as a binary to the test.
----------
files: contains-.hg-hgrc.hgbundle
messages: 8311
nosy: durin42, parren
priority: critical
status: chatting
title: security: hg extracts files within .hg dirs from repo into working copy
topic: 1.1.1, security
____________________________________________________
Mercurial issue tracker <mercurial-bugs at selenic.com>
<http://www.selenic.com/mercurial/bts/issue1450>
____________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: contains-.hg-hgrc.hgbundle
Type: application/octet-stream
Size: 345 bytes
Desc: not available
Url : http://selenic.com/pipermail/mercurial-devel/attachments/20081230/ab9c1e42/attachment.obj
More information about the Mercurial-devel
mailing list