[PATCH] Check for .hgrc files in ancestor directories above the repository

Peter Arrenbrecht peter.arrenbrecht at gmail.com
Fri Jan 11 01:17:59 CST 2008


On Jan 11, 2008 4:50 AM, Jesse Glick <jesse.glick at sun.com> wrote:
> Maxim Dounin wrote:
> > As I said before, I'm even fine with your previous patch if this will
> > be configurable and off by default (so the user has to explicitly switch
> > this on). I suggested the solution above just as one more flexible.
>
> Well, if you need to configure it anyway, you might as well specify the
> actual filenames to include.

+1; I like hgrc better than .hgrc here anyway so plain ls sees it (as
you said before). This would leave me free to choose as I like.

If no one has a convincing argument for the full parent scan, I would
leave it out. Just more stuff to document and maintain.

> A security issue I just thought of: a malicious repository administrator
> (or committer to that repository) with knowledge of your includeconfig
> setting could commit a config file in the correct location in the root
> repository of a forest. If you fclone and then do an operation on a
> nested repo, you pick up those settings, which could include malicious
> hooks. I think this attack could be deterred by refusing to read include
> files which are inside a Hg working copy (e.g. with some ancestor dir
> with a .hg subdir).

Good point. And if people start clamouring for included hgrcs from
parent repos, we can always add the option, which they'll have to
enable explicitly. That, however, might mean that

[include]
../.hgrc =
../../.hgrc =

would be more flexible as it gives us a natural place to configure
options per included hgrc.

-peo
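
The deterrent proposed in the quoted text above (refuse include files that have an ancestor directory containing a .hg subdir), as an added example that is not part of the original message and is not Mercurial's own code. The function names and the temporary directory layout are hypothetical and constructed for illustration.

```python
import os
import tempfile


def enclosing_working_copy(path):
    """Return the nearest ancestor directory of `path` that contains a .hg
    subdirectory, or None if `path` is not inside a working copy."""
    # Resolve symlinks first, so a link placed outside any repository is
    # judged by where the config file really lives.
    current = os.path.dirname(os.path.realpath(path))
    while True:
        if os.path.isdir(os.path.join(current, ".hg")):
            return current
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            return None
        current = parent


def filter_includes(repo_root, includes):
    """Split include paths (relative to repo_root) into (accepted, refused).
    A path is refused when it sits inside any working copy, because its
    content can then be controlled by whoever commits to that repository."""
    accepted, refused = [], []
    for rel in includes:
        candidate = os.path.realpath(os.path.join(repo_root, rel))
        if enclosing_working_copy(candidate) is None:
            accepted.append(candidate)
        else:
            refused.append(candidate)
    return accepted, refused


def demo():
    """Constructed layout: forest/ is a root repo holding a nested repo."""
    base = os.path.realpath(tempfile.mkdtemp())
    forest = os.path.join(base, "forest")
    nested = os.path.join(forest, "nested")
    os.makedirs(os.path.join(forest, ".hg"))
    os.makedirs(os.path.join(nested, ".hg"))
    for p in (os.path.join(base, "hgrc"), os.path.join(forest, "hgrc")):
        with open(p, "w") as f:
            f.write("[ui]\n")
    # Seen from nested/: ../hgrc lives in the root repo's working copy,
    # ../../hgrc lives outside every working copy.
    return base, filter_includes(nested, ["../hgrc", "../../hgrc"])
```

The example assumes the temporary directory itself is not located inside a Mercurial working copy.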

