[darcs-users] darcs patch: Extended DARCS_GET_FOO example.

Eric Kow kowey at darcs.net
Sun Jun 21 18:06:54 UTC 2009


On Sun, Jun 21, 2009 at 23:10:59 +1000, Trent W.Buck wrote:
> Incidentally, it looks like when "darcs push" calls "darcs apply" on
> the remote end, it assumes that the repository path contains no
> apostrophes.  THIS IS AN INJECTION ATTACK in the case where you give
> someone permission to "darcs push" to your ssh server, but do not give
> them a full shell.

Sounds like one for the bug tracker at least.
Is this something that we should consider to be urgent?

> Sun Jun 21 23:01:47 EST 2009  Trent W. Buck <trentbuck at gmail.com>
>   * Extended DARCS_GET_FOO example.

I've applied this, thanks!

-- 
Eric Kow <http://www.nltg.brighton.ac.uk/home/Eric.Kow>
PGP Key ID: 08AC04F9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.osuosl.org/pipermail/darcs-users/attachments/20090621/496808e8/attachment.pgp>


More information about the darcs-users mailing list