[darcs-users] What to do about darcs hooks
Trent W. Buck
trentbuck at gmail.com
Mon Feb 23 07:32:44 UTC 2009
Thomas Hartman <thomashartman1 at googlemail.com> writes:
> I don't use darcs hooks and only understand what I have read about
> them skimming the manual.
>
> But my understanding is that you can pretty much get darcs to execute
> arbitrary commands using prehook and posthook functionality.
>
> Since patch-tag is world accessible, clearly this is not a good thing :)
Is it the case that you cannot set a hook unless you have direct write
access to the repo (i.e. not via darcs push)?
If that's true, could you use ssh force-command to only allow end users
to run darcs push, and not anything else?
Also, the hook will (presumably) run as the same user that invoked
"darcs transfer-mode". If that's the case, then they will hopefully
have difficulty escalating to root.
More information about the darcs-users
mailing list