I finished implementing UID-based segregation. You can view the
resulting code here[1]. In particular, you may find the suid wrapper
at `fossil/hydra_fossil_chroot_wrapper.c` useful for your own
purposes.
I've added a patch for safe Tcl (controlled by configure switch
`--force-tcl-makesafe`). I've however left Tcl disabled altogether for
two main reasons:
- Tcl provides far too large an attack surface.
- The Tcl interpreter needs access to its function library in
`/usr/share/tcltk/tcl8.6/`, and I don't feel like messing with bind
mounts right now to make it available.
I might enable public registration 'soon'. Now all I need is a catchy
name, like `chiselapp` :p
[1]
https://hydra.ecd.space/f/hydra/info/c34b243efda4fe2775d7c46f1d9b3cd1b2eb7190eb22933e469c7eb08fee5636
Cheers,
Eduard
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
