On Wed, 2008-07-16 at 23:18 +0100, John Levon wrote:
> On Wed, Jul 16, 2008 at 01:59:55PM -0700, Bill Sommerfeld wrote:
>
> > > You can also put:
> > > [trusted]
> > > groups=other
> > >
> > > in your ~/.hgrc to get that noise to go away
> >
> > please don't.
> >
> > in my ~/.hgrc, and I do an "hg log" on someone's workspace that's owned
> > by group other, mercurial could execute arbitrary code based on the
> > contents of that workspace's hgrc.
> >
> > It's better to just ignore the warning.
>
> This is a serious problem with Mercurial, and I don't yet know of a good
> solution. I don't buy that there's a security problem in the first
> place.

Clearly a bunch of us (including the author of mercurial) believe there's a security issue.

> You're either accessing stuff over NFS or via ssh.

That doesn't mean I want to execute arbitrary code from you when I look at your workspace with "hg log".

> If you don't
> trust it, why on earth are you downloading software from it, or letting
> them run your remote ssh account?

reading files shouldn't result in executing arbitrary code.

> In the meantime, without this setting, *none of the hooks run*. That's
> your gate check hooks, your generate a webrev hooks, etc.
>
> We had way too many accidentally-hidden putbacks happen due to this
> setting not being there.

if you need to force hooks to run, you need to set up a captive shell environment on the system hosting the gate and funnel all pushes through that captive environment.
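
Added example, not part of the thread and not Mercurial's own code: a Python sketch that reads a workspace's `.hg/hgrc` as plain data, without invoking `hg`, and lists the entries that would run code if the file's owner or group were listed under `[trusted]`. The parser is a simplified reading of the hgrc format, and `audit_hgrc`, `audit_workspace`, `RISKY_SECTIONS` and the sample hgrc are constructed for illustration.

```python
import os
import re

# Sections whose entries make Mercurial run commands or load Python code.
# [hooks] is the one named in the thread; [extensions] is added here.
RISKY_SECTIONS = {"hooks", "extensions"}

# Constructed sample of what a workspace hgrc might contain.
SAMPLE = """\
[ui]
username = someone
[hooks]
# constructed entry: would run before "hg log" if this file were trusted
pre-log = echo constructed-hook
[extensions]
local = ./ext.py
"""

def audit_hgrc(text):
    """Return (section, key, value) for hgrc entries that can execute code."""
    findings, section, open_item = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if raw[0].isspace():  # indented line continues the previous value
            if open_item:
                s, k, v = findings[-1]
                findings[-1] = (s, k, (v + " " + line).strip())
            continue
        open_item = False
        m = re.match(r"\[([^\]]+)\]$", line)
        if m:
            section = m.group(1).strip()
        elif line.startswith("%include"):  # pulls in another config file
            findings.append(("%include", "", line[len("%include"):].strip()))
        elif section in RISKY_SECTIONS and "=" in line:
            key, _, value = line.partition("=")
            findings.append((section, key.strip(), value.strip()))
            open_item = True
    return findings

def audit_workspace(repo):
    """Inspect <repo>/.hg/hgrc by reading the file only; hg is never run."""
    path = os.path.join(repo, ".hg", "hgrc")
    st = os.stat(path)
    with open(path, encoding="utf-8", errors="replace") as fh:
        return {"uid": st.st_uid, "gid": st.st_gid,
                "findings": audit_hgrc(fh.read())}
```

The `uid` and `gid` in the result are the ones Mercurial's trust check compares against the current user and any `[trusted]` users or groups, so a non-empty `findings` list on a file owned by a trusted group is what would actually run.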