[PATCH] Check for .hgrc files in ancestor directories above the repository
Maxim Dounin
mdounin at mdounin.ru
Fri Jan 11 05:39:53 CST 2008
Hello!
On Thu, Jan 10, 2008 at 10:50:10PM -0500, Jesse Glick wrote:
>Maxim Dounin wrote:
>> As I said before I'm even fine with your previous patch if this will
>> be configurable and off by default (so user have to explicitly switch
>> this on). I suggested the solution above just as one more flexible.
>
>Well, if you need to configure it anyway, you might as well specify the
>actual filenames to include.
>
>A security issue I just thought of: a malicious repository administrator
>(or committer to that repository) with knowledge of your includeconfig
>setting could commit a config file in the correct location in the root
>repository of a forest. If you fclone and then do an operation on a
>nested repo, you pick up those settings, which could include malicious
>hooks. I think this attack could be deterred by refusing to read include
>files which are inside a Hg working copy (e.g. with some ancestor dir
>with a .hg subdir).
This whould basically prevent you from using included .hgrc if you
are managing your home with Mercurial. Another possible solution
is to use only files inside '.hg' subdir itself since it's banned
in util.path_auditor() and thus cannot be added or checked out
(and checking out .hg dir whould basically introduce same security
issue).
So if one want to create included config he creates hierarchy like
this:
.hg
|-hgrc_included
repo1
repo2
and adds to ~/.hgrc something like this:
includeconfig = ../.hg/hgrc_included
Maxim Dounin
More information about the Mercurial-devel
mailing list