[darcs-users] Darcs Servers
Trent W. Buck
trentbuck at gmail.com
Tue Aug 18 01:08:10 UTC 2009
Miklos Vajna <vmiklos at frugalware.org> writes:
> On Mon, Aug 17, 2009 at 12:34:13PM -0700, Jason Dagit <dagit at codersbase.com> wrote:
>> It's good that you've identified this. Do you propose a way to
>> implement setpref so that this path of injection is not possible?
>> Once upon a time, I had written code so that the repository could
>> disallow post-hooks. But this approach was no more secure and it was
>> not fine grained either (except in interactive use).
>
> I tried not proposing anything, as in case I say "just look at how git
> does it" some people on this list may become angry. ;-)
I, for one, would rather learn from the mistakes of others, and snarf
their good ideas, rather than repeating the former and reinventing the
latter.
> 1) A system where there are trusted users only and setprefs is handy,
> getting rid of them would be 'getting rid of a nice feature'.
>
> There you can still just symlink (for example) hooks/post-apply to
> _darcs/hooks/post-apply, so changing hooks via patches will be still
> allowed.
This strikes me as a reasonable way to lock down setpref without loss
of functionality for those that use it. A little care would be needed
to ensure that when branching or cloning a repo ("darcs get" for both)
you get DWIM behaviour with respect to prefs being copied/not copied.
> 2) A system where not everybody is a trusted user: setpref can no
> longer be set to any problematic value, darcs is not considered
> 'insecure by design' by sysadmins.
Apart from all the other gaping holes that still need to be closed :-)