[darcs-users] darcs patch: Extended DARCS_GET_FOO example.

Trent W. Buck trentbuck at gmail.com
Sun Jun 21 13:10:59 UTC 2009


I wanted to get a feel for DARCS_GET_FOO and friends before I rewrote
the documentation for them, so instead of a stupid HTTP example, I
tried to get Darcs to speak CIFS (SMB) -- at least read-only.

I'm convinced that the way Darcs handles these environment variables
(it calls `words` on them) is fundamentally annoying and wrong.  I
think instead it should either treat them as an argument for sh -c, or
be extended to understand quotation marks (as GNU Screen does, for
example).

I actually tried to work out how to change the "words" call, but it's
bloody difficult to even find!  It looks like all the GET/MGET/APPLY
voodoo has been tacked onto existing code for handling SSH arguments,
or something.

Incidentally, it looks like when "darcs push" calls "darcs apply" on
the remote end, it assumes that the repository path contains no
apostrophes.  THIS IS AN INJECTION ATTACK in the case where you give
someone permission to "darcs push" to your ssh server, but do not give
them a full shell.

Sun Jun 21 23:01:47 EST 2009  Trent W. Buck <trentbuck at gmail.com>
  * Extended DARCS_GET_FOO example.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/x-darcs-patch
Size: 91446 bytes
Desc: A darcs patch for your repository!
URL: <http://lists.osuosl.org/pipermail/darcs-users/attachments/20090621/3a025149/attachment-0001.bin>
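
The two quoting problems raised in the message above, as an added example that is not part of the original post and is not Darcs code: whitespace-only splitting (what Haskell's `words` does) against quote-aware splitting, and a repository path wrapped in apostrophes without escaping against the same path passed through shlex.quote. The fetch command, the repository paths and the exact "darcs apply" command string are constructed assumptions.

```python
import shlex

# Constructed sample value for a DARCS_GET_FOO-style variable (hypothetical tool).
GET_TEMPLATE = 'fetch-tool --config "/home/me/my config"'

# Constructed repository paths, two of them containing apostrophes.
PATHS = ["/srv/repos/project", "/srv/repos/trent's repo", "it's bob's repo"]


def split_like_words(value):
    """Whitespace-only splitting, equivalent to Haskell's `words`."""
    return value.split()


def split_quote_aware(value):
    """POSIX-shell-style splitting that understands quotation marks."""
    return shlex.split(value)


def naive_remote_command(repo_path):
    """Assumed template: wrap the path in apostrophes with no escaping."""
    return "darcs apply --all --repodir '" + repo_path + "'"


def safe_remote_command(repo_path):
    """Same command, with the path escaped for a POSIX shell."""
    return "darcs apply --all --repodir " + shlex.quote(repo_path)


def remote_argv(command):
    """Tokenize as the remote POSIX shell would; None if quotes are unbalanced."""
    try:
        return shlex.split(command)
    except ValueError:
        return None


def path_survives(build_command, repo_path):
    """True if the remote side sees repo_path as exactly one final argument."""
    argv = remote_argv(build_command(repo_path))
    return argv is not None and len(argv) == 5 and argv[-1] == repo_path


if __name__ == "__main__":
    print(split_like_words(GET_TEMPLATE))
    print(split_quote_aware(GET_TEMPLATE))
    for path in PATHS:
        print(repr(path),
              "naive:", path_survives(naive_remote_command, path),
              "quoted:", path_survives(safe_remote_command, path))
```
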

