[darcs-users] darcs patch: remove --run-posthook and --run-prehook flags (and --p...

David Roundy droundy at darcs.net
Mon Oct 13 18:11:50 UTC 2008

Hi all (and Jason in particular),

This is a proposed change that needs to be discussed.  I have never
cared for the --run-posthook and --run-prehook flags (and
--prompt-posthook and --prompt-prehook), and would prefer to remove

As I mention below, I don't think they serve a valid security
feature.  If you allow a hostile user to call darcs with an arbitrary
command line, that user can add both --posthook='rm -rf ~' and
--run-posthook at the same time.  Ditto for hostile users who are able
to modify your defaults file.

So it isn't a possible security feature, but just a "safety" feature
(like rm -i).  But I'm also unable to imagine a scenario where someone
"accidentally" calls --posthook, or accidentally adds it to their
defaults file.  Which just leaves it as an annoyance, and I'm annoyed
by it, so I'd rather just remove the feature.


Mon Oct 13 14:04:09 EDT 2008  David Roundy <droundy at darcs.net>
  * remove --run-posthook and --run-prehook flags (and --prompt-same)
  This feature has never had a safety application that I've been able to
  discern (I don't consider it *ever* safe to allow attackers to run
  darcs).  This change simplifies the code of darcs, and its use.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/x-darcs-patch
Size: 27437 bytes
Desc: A darcs patch for your repository!
Url : http://lists.osuosl.org/pipermail/darcs-users/attachments/20081013/1066f7a4/attachment-0001.bin 

More information about the darcs-users mailing list