[darcs-users] [patch136] remove the hardcoded string "_darcs" in ... (and 1 more)
Trent W. Buck
twb at cybersource.com.au
Thu Jan 14 03:28:29 UTC 2010
Petr Ročkai <bugs at darcs.net> writes:
> If someone managed to create patches referring to files under _darcs
> (by removing that _darcs entry from their boring file), I can only
> assume that BAD THINGS would happen.
Out of curiosity, I simulated such an attack:
with-temp-dir: entering directory `/tmp/with-temp-dir.n5DiqN'
This directory will be deleted when you exit.
$ darcs init
$ date >x
$ darcs rec -qlamx x
Recording changes in "x":
Finished recording patch 'x'
$ darcs init --repo null
$ darcs send --dont-sign --dont-edit -aox.dpatch null
Creating patch to "/tmp/with-temp-dir.n5DiqN/null"...
Wrote patch to /tmp/with-temp-dir.n5DiqN/x.dpatch.
$ sed -i x.dpatch -e 's|./x|./_darcs/x|g' -e '/Patch bundle hash:/,$d'
$ darcs apply --repo null x.dpatch
darcs failed: Malicious path in patch:
If you are sure this is ok then you can run again with the --dont-restrict-paths option.
More information about the darcs-users