[darcs-users] patcher without a user

David Roundy droundy at abridgegame.org
Tue Jul 29 11:04:09 UTC 2003 

On Tue, Jul 29, 2003 at 03:18:53AM -0700, John Meacham wrote:
> I was playing around and found there was no need to create a user for
> patcher. no need to even have root access if you have a modern mailer.
> 
> create a .forward+darcs file in your home directory with 
> | "HOME=<repopath> ; cd <repopath> ; path/to/darcs-patcher"
> 
> now, people can send patches to user+darcs at domain.com
> 
> the + format should work for anyone using postfix, qmail uses '-'s i
> believe for the same thing. 
> 
> if you don't have either, then adding a line to /etc/aliases of the
> above form should work just fine. 
> 
> if none of the above work, a .procmail entry to redirect darcs patches
> should work anywhere.

That's a cool trick! :) The one thing to be careful about is that giving
someone access to your darcs-patcher repository pretty much gives them the
ability to do whatever they want as the user it runs under, because they
can modify the darcs_test script to run arbitrary code.  So you'll want to
be especially careful to only allow the gnupg keys of users you really
trust.

If you set _darcs/prefs/defaults to not have "apply test", then the test
shouldn't get run, so you should be safer (unless you actually compile the
code yourself without looking to see what changes went in), but I haven't
thought very thoroughly about whether there might be a way to get around
that.  It may be that using a cleverly crafted patch they could still do
whatever they want (e.g. one patch which modifies "./../prefs/defaults,
followed by one with a nasty test.

So just be careful, darcs isn't designed to be robust with respect to
malicious users (or malicious people who stole the users' keys), which is
why I feel more comfortable having a separate user running the
darcs-patcher.

> thought i'd share my experience, hope this helps someone.

Oh it's very interesting.  I never thought of this... I'm wondering now
whether it would be a better plan to redesign the darcs-createrepo to have
there be one darcs-patcher user that owns several repositories.  Then the
darcs-server package could create the user when it is installed, and
createrepo wouldn't ever again have to mess with a new user!  Probably I'd
use the /etc/aliases route... but this is definitely a job for after
0.9.12, if at all.
-- 
David Roundy
http://www.abridgegame.org

More information about the darcs-users mailing list