Traversing symlinks
Dominik Psenner
dpsenner at gmail.com
Tue May 17 07:02:23 CDT 2011
> -----Original Message-----
> From: mercurial-devel-bounces at selenic.com [mailto:mercurial-devel-
> bounces at selenic.com] On Behalf Of Matt Mackall
> Sent: Monday, May 16, 2011 8:14 PM
> To: Martin Geisler
> Cc: Mercurial Developers
> Subject: Re: Traversing symlinks
>
> On Mon, 2011-05-16 at 19:57 +0200, Martin Geisler wrote:
> > Hi guys,
> >
> > Way back in 2007, this changeset was added:
> >
> > http://selenic.com/hg/rev/d316124ebbea
> >
> > It makes Mercurial abort when it encounters a symlink on the way to a
> > file -- even when the symlink points inside the repository:
> >
> > $ ln -s contrib extra
> > $ hg status extra/mq.el
> > abort: path 'extra/mq.el' traverses symbolic link 'extra'
> >
> > This seems a tad too restrictive to me,
>
> Ok, do tell, what have you lost by not being able to ask for the status
> of a path you can't commit?
>
> > and Bryan did also flag this in
> > the test and commit message.
> >
> > Would anybody object to me lifting this restriction?
>
> Yes.
>
> Most developers have only the vaguest idea of what the security
> implications of symlinks are, and simply saying "this seems a tad too
> restrictive" does not instill confidence that you've spent the time to
> become an expert on this obscure and complicated subject.
Isn't this something that is left over to whoever administrates a
repository? Surely there are many cases and side-effects that may cause
problems, but is it really hg's role to decide if it's fine or not? One can
for example hard-link subdirectories of a repository and experience similar
problems as he would do with symlinks but you cannot hold him down from
doing it. All one can do is try to teach people to do the right thing by
placing a big fat red label on it stating "HAZARD, BEWARE!", but that's
already all one can and should do, ain't so?
JMTC
>
> --
> Mathematics is the supreme nostalgia of our time.
>
>
> _______________________________________________
> Mercurial-devel mailing list
> Mercurial-devel at selenic.com
> http://selenic.com/mailman/listinfo/mercurial-devel
More information about the Mercurial-devel
mailing list