[PATCH 2 of 2] Treat extension load paths as relative to the defining hgrc

Peter Arrenbrecht peter.arrenbrecht at gmail.com
Mon Jan 28 09:55:45 CST 2008


> I don't think so. You still need to explicitly ask to load the extension
> in your .hg/hgrc, which cannot be part of a versioned repository.

Indeed. Thanks for clarifying.
-peo

On Jan 28, 2008 2:54 PM, Jesse Glick <jesse.glick at sun.com> wrote:
> Peter Arrenbrecht wrote:
> >> perhaps even keeping it inside the project
> >
> > Doesn't that open up the very same security hole you brought up when
> > we discussed scanning parent dirs for .hgrc files to include?
>
> I don't think so. You still need to explicitly ask to load the extension
> in your .hg/hgrc, which cannot be part of a versioned repository. People
> can already write e.g.
>
> [hooks]
> precommit.x = ./dosomething.sh
>
> If you write that then you must trust that the file 'dosomething.sh' in
> the repository will not contain, e.g., 'sudo rm -rf /'. Similarly, if
> you ask to load an extension by relative path, you must trust that
> extension.
>
>
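The trust relationship described in the quoted reply can be checked mechanically. This is an added example, not part of the thread or of Mercurial: it lists `.hg/hgrc` hook and extension entries whose target is a tracked file, assuming relative paths resolve against the repository root; the function names, sample hgrc, root and tracked-file set are constructed.

```python
import os
import shlex

def parse_hgrc(text):
    """Minimal hgrc reader: [section] headers and key = value lines only."""
    section, items = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;%":
            continue  # blank lines, comments, %include/%unset directives
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section and "=" in line:
            key, value = line.split("=", 1)
            items.append((section, key.strip(), value.strip()))
    return items

def audit_hgrc(text, repo_root, tracked):
    """Return (section, key, path) for entries that run a tracked file."""
    findings = []
    for section, key, value in parse_hgrc(text):
        if section == "extensions":
            # "name =" loads a bundled extension, a leading "!" disables it.
            words = [] if not value or value.startswith("!") else [value]
        elif section == "hooks" and not value.startswith("python:"):
            try:
                words = shlex.split(value)  # shell hook: check every word
            except ValueError:
                words = value.split()
        else:
            continue  # other sections and python: hooks are not covered
        for word in words:
            full = os.path.normpath(os.path.join(repo_root, word))
            rel = os.path.relpath(full, repo_root).replace(os.sep, "/")
            if rel in tracked and (section, key, rel) not in findings:
                findings.append((section, key, rel))
    return findings

# Constructed sample input; in practice `tracked` is the output of `hg manifest`.
SAMPLE_HGRC = """[extensions]
color =
projtool = tools/projtool.py
outside = /opt/hgext/review.py
[hooks]
precommit.x = ./dosomething.sh
commit.notify = /usr/local/bin/notify --quiet
"""
SAMPLE_TRACKED = {"dosomething.sh", "tools/projtool.py", "README"}
```

Each finding is a file that anyone able to push to the repository can change and that the local `hg` will then execute.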

