[PATCH] posix: _really_ make sure .hg/cache/checklink points at a real file
Pierre-Yves David
pierre-yves.david at ens-lyon.org
Wed Nov 23 18:18:58 EST 2016
On 11/24/2016 12:15 AM, Mads Kiilerich wrote:
> On 11/23/2016 11:24 PM, Pierre-Yves David wrote:
>>
>>
>> On 11/23/2016 11:09 PM, Mads Kiilerich wrote:
>>> # HG changeset patch
>>> # User Mads Kiilerich <madski at unity3d.com>
>>> # Date 1479938505 -3600
>>> # Wed Nov 23 23:01:45 2016 +0100
>>> # Node ID 2841e0a6f97ba09dff5ffe7f42ac8c6e1b23338f
>>> # Parent 8836f13e3c5b8eae765372708b659c55a044cbb4
>>> posix: _really_ make sure .hg/cache/checklink points at a real file
>>>
>>> 8836f13e3c5b failed to do what it said; it did leave a dangling
>>> symlink. As
>>> promised, that broke setup.py sdist. It also broke stuff on Solaris
>>> where "cp
>>> -r" by default follows symlinks.
>>>
>>> Instead, make it point at ../00changelog.i, which is the file that is
>>> most
>>> likely to exist. This adds some extra layering violation ... but not
>>> much, in
>>> an innocent way, and it works ...
>>
>> Could we just create a empty file right next to this symlink and point
>> to that? That would seems more independant/robust.
>
>
> Right.
>
> Playing more around with this raise the question: Generally, when
> running hg commands that create/write files, how do we make sure that
> nobody fooled us and placed a symlink that can trick us to overwrite
> arbitrary files? Should we and do we always take precautions for that?
Don't we have a whole vfs auditing layer especially to protect us of
this class of issue? I think we should should always take precautions.
I'm not too sure how this relate to the current specific issue. Did I
miss something or are you expanding the discussion (which would be fine)
Cheers,
--
Pierre-Yves David
More information about the Mercurial-devel
mailing list