[darcs-devel] [issue1515] create checklist of potential security issues trying to give darcs-only access to a repo

Eric Kow bugs at darcs.net
Sun Aug 9 00:02:04 UTC 2009


New submission from Eric Kow <kowey at darcs.net>:

Trent from msg8043:
> I'm happy with WONTFIXing this (and the other) gaping security holes
> if we document VERY explicitly that you cannot give darcs push access
> to a user without also giving them a full shell.
> 
> I'm not sure where this caveat should be tacked on; certainly darcs
> help should mention it, but in which command?
> 
> I'd also very much like a detailed list of known exposures on a wiki
> page, so that anyone who thinks "pshaw, I can lock down darcs apply!"
> will have a checklist of things to address.

----------
messages: 8047
nosy: dmitry.kurochkin, kowey, simon, thorkilnaur, twb
priority: feature
status: unread
title: create checklist of potential security issues trying to give darcs-only access to a repo
topic: Documentation

__________________________________
Darcs bug tracker <bugs at darcs.net>
<http://bugs.darcs.net/issue1515>
__________________________________


More information about the darcs-devel mailing list