Traversing symlinks
Matt Mackall
mpm at selenic.com
Tue May 17 13:52:13 CDT 2011
On Tue, 2011-05-17 at 14:02 +0200, Dominik Psenner wrote:
> > -----Original Message-----
> > From: mercurial-devel-bounces at selenic.com [mailto:mercurial-devel-
> > bounces at selenic.com] On Behalf Of Matt Mackall
> > Sent: Monday, May 16, 2011 8:14 PM
> > To: Martin Geisler
> > Cc: Mercurial Developers
> > Subject: Re: Traversing symlinks
> >
> > On Mon, 2011-05-16 at 19:57 +0200, Martin Geisler wrote:
> > > Hi guys,
> > >
> > > Way back in 2007, this changeset was added:
> > >
> > > http://selenic.com/hg/rev/d316124ebbea
> > >
> > > It makes Mercurial abort when it encounters a symlink on the way to a
> > > file -- even when the symlink points inside the repository:
> > >
> > > $ ln -s contrib extra
> > > $ hg status extra/mq.el
> > > abort: path 'extra/mq.el' traverses symbolic link 'extra'
> > >
> > > This seems a tad too restrictive to me,
> >
> > Ok, do tell, what have you lost by not being able to ask for the status
> > of a path you can't commit?
> >
> > > and Bryan did also flag this in
> > > the test and commit message.
> > >
> > > Would anybody object to me lifting this restriction?
> >
> > Yes.
> >
> > Most developers have only the vaguest idea of what the security
> > implications of symlinks are, and simply saying "this seems a tad too
> > restrictive" does not instill confidence that you've spent the time to
> > become an expert on this obscure and complicated subject.
>
> Isn't this something that is left over to whoever administrates a
> repository? Surely there are many cases and side-effects that may cause
> problems, but is it really hg's role to decide if it's fine or not?
Yes, it's definitely Mercurial's role to prevent you from getting 0wned
when you clone a random project from Bitbucket without even running it.
> One can
> for example hard-link subdirectories of a repository and experience similar
You'll be disappointed to learn that Unix has been playing nanny and
preventing users from hardlinking directories since at least 1976. See
line 5921 in Lions' if you have a copy handy. And you know something is
a -seriously- bad idea if Unix won't let you do it.
--
Mathematics is the supreme nostalgia of our time.
More information about the Mercurial-devel
mailing list