[darcs-users] What to do about darcs hooks

Trent W. Buck trentbuck at gmail.com
Mon Feb 23 07:32:44 UTC 2009


Thomas Hartman <thomashartman1 at googlemail.com> writes:

> I don't use darcs hooks and only understand what I have read about
> them skimming the manual.
>
> But my understanding is that you can pretty much get darcs to execute
> arbitrary commands using prehook and posthook functionality.
>
> Since patch-tag is world accessible, clearly this is not a good thing :)

Is it the case that you cannot set a hook unless you have direct write
access to the repo (i.e. not via darcs push)?

If that's true, could you use ssh force-command to only allow end users
to run darcs push, and not anything else?

Also, the hook will (presumably) run as the same user that invoked
"darcs transfer-mode".  If that's the case, then they will hopefully
have difficulty escalating to root.



More information about the darcs-users mailing list