[darcs-users] darcs patch: remove --run-posthook and --run-prehook flags (and --p...
droundy at darcs.net
Mon Oct 13 18:11:50 UTC 2008
Hi all (and Jason in particular),
This is a proposed change that needs to be discussed. I have never
cared for the --run-posthook and --run-prehook flags (and
--prompt-posthook and --prompt-prehook), and would prefer to remove
As I mention below, I don't think they serve a valid security
feature. If you allow a hostile user to call darcs with an arbitrary
command line, that user can add both --posthook='rm -rf ~' and
--run-posthook at the same time. Ditto for hostile users who are able
to modify your defaults file.
So it isn't a possible security feature, but just a "safety" feature
(like rm -i). But I'm also unable to imagine a scenario where someone
"accidentally" calls --posthook, or accidentally adds it to their
defaults file. Which just leaves it as an annoyance, and I'm annoyed
by it, so I'd rather just remove the feature.
Mon Oct 13 14:04:09 EDT 2008 David Roundy <droundy at darcs.net>
* remove --run-posthook and --run-prehook flags (and --prompt-same)
This feature has never had a safety application that I've been able to
discern (I don't consider it *ever* safe to allow attackers to run
darcs). This change simplifies the code of darcs, and its use.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 27437 bytes
Desc: A darcs patch for your repository!
Url : http://lists.osuosl.org/pipermail/darcs-users/attachments/20081013/1066f7a4/attachment-0001.bin
More information about the darcs-users