[darcs-users] DARCS pushable repository security question
Sean E. Russell
ser at germane-software.com
Sat Oct 18 17:08:02 UTC 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Is there a document that elucidates the statement from the darcs manual:
"When you set up a pushable repository, you are allowing anyone who has write
access to that repository to run arbitrary code on your machine."
I'm curious as to whether this is strictly true, or whether it is an
exaggerated statement intended to make people more aware of security issues.
In particular, are there known exploits of the darcs executable, or does the
darcs push server actually execute arbitrary commands in the emailed patches?
- --
### SER
### Deutsch|Esperanto|Francaise|Linux|XML|Java|Ruby|Aikido|Dirigibles
### http://www.germane-software.com/~ser jabber.com:ser ICQ:83578737
### GPG: http://www.germane-software.com/~ser/Security/ser_public.gpg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/kXNyP0KxygnleI8RAuMQAKCnUWEroORgF+41YH2u4mGowmjAxwCgxNk1
L49JegdZZO3pg4mp+9HEmh4=
=YU4Q
-----END PGP SIGNATURE-----
More information about the darcs-users
mailing list