[darcs-users] darcs patch: remove --run-posthook and --run-prehook flags (and --p...

David Roundy droundy at darcs.net
Mon Oct 13 18:11:50 UTC 2008


Hi all (and Jason in particular),

This is a proposed change that needs to be discussed.  I have never
cared for the --run-posthook and --run-prehook flags (and
--prompt-posthook and --prompt-prehook), and would prefer to remove
them.

As I mention below, I don't think they serve a valid security
feature.  If you allow a hostile user to call darcs with an arbitrary
command line, that user can add both --posthook='rm -rf ~' and
--run-posthook at the same time.  Ditto for hostile users who are able
to modify your defaults file.

So it isn't a possible security feature, but just a "safety" feature
(like rm -i).  But I'm also unable to imagine a scenario where someone
"accidentally" calls --posthook, or accidentally adds it to their
defaults file.  Which just leaves it as an annoyance, and I'm annoyed
by it, so I'd rather just remove the feature.

David

Mon Oct 13 14:04:09 EDT 2008  David Roundy <droundy at darcs.net>
  * remove --run-posthook and --run-prehook flags (and --prompt-same)
  This feature has never had a safety application that I've been able to
  discern (I don't consider it *ever* safe to allow attackers to run
  darcs).  This change simplifies the code of darcs, and its use.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/x-darcs-patch
Size: 27437 bytes
Desc: A darcs patch for your repository!
Url : http://lists.osuosl.org/pipermail/darcs-users/attachments/20081013/1066f7a4/attachment-0001.bin 


More information about the darcs-users mailing list