[PATCH 3 of 3] hook: report untrusted hooks as failure (issue5110) (BC)
timeless
timeless at gmail.com
Fri Apr 15 09:26:21 EDT 2016
On Apr 15, 2016 3:50 AM, "Pierre-Yves David" <pierre-yves.david at ens-lyon.org>
wrote:
> After this patch, hooks from unstrusted config are taken in account but
never
Err untrusted configs; taken into
> actually run. Instead they are reported as failure right away.
As failures
> This will ensure
This ensures
> no validation performed by a hook will be ignored
"Will be" is too complicated.
Try "validation performed by a hook is not ignored"
> (as a fallback to "False" is
> better than a fallback to "True" here)
This doesn't make sense
> As a side effect writer can be forced to trust a repository hgrc by
adding a
> 'pretxnopen.trust=true' hook to the file.
> It turned out that the "trusted" concept did not had any ".t" test.
Did not have ... tests
> The test
> process do not have enough priviledge to change config file ownership.
Err privileges
> + # Be careful in this section, propagating the real command from an
Real commands
> + # untrusted source would create a security vulnerability, make sure
>From untrusted sources
> + # anything altered in that section use "_fromuntrusted" as its
command.
Uses
> + abortmsg = _('%s hook denied (from untrusted config)')
I'm not a fan of this wording
Probably "denied %s hook (....)"
> + warnmsg = _('warning: %s hook denied (from untrusted
config)\n')
Ditto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.mercurial-scm.org/pipermail/mercurial-devel/attachments/20160415/b267e93f/attachment.html>
More information about the Mercurial-devel
mailing list