Making mercurial-server work with subrepos - security issue?
27 views
Skip to first unread message
Paul Crowley
May 14, 2010, 5:41:47 AM5/14/10
to merc...@selenic.com
mercurial-server currently contains code in checkParents that explicitly
prevents you from creating a repo in a subdirectory of another repo. I
just received an email from someone showing that removing this explicit
check makes mercurial-server work better with subrepos. Are there any
security issues I should worry about before removing this check? Thanks!
--
[][][] Paul Crowley
[][] LShift Ltd
[] [] www.lshift.net
_______________________________________________
Mercurial mailing list
Merc...@selenic.com
http://selenic.com/mailman/listinfo/mercurial
--
You received this message because you are subscribed to the Google Groups "mercurial" group.
To post to this group, send email to mercuria...@googlegroups.com.
To unsubscribe from this group, send email to mercurial_gene...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/mercurial_general?hl=en.
prevents you from creating a repo in a subdirectory of another repo. I
just received an email from someone showing that removing this explicit
check makes mercurial-server work better with subrepos. Are there any
security issues I should worry about before removing this check? Thanks!
--
[][][] Paul Crowley
[][] LShift Ltd
[] [] www.lshift.net
_______________________________________________
Mercurial mailing list
Merc...@selenic.com
http://selenic.com/mailman/listinfo/mercurial
--
You received this message because you are subscribed to the Google Groups "mercurial" group.
To post to this group, send email to mercuria...@googlegroups.com.
To unsubscribe from this group, send email to mercurial_gene...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/mercurial_general?hl=en.
Matt Mackall
May 14, 2010, 11:28:25 AM5/14/10
to Paul Crowley, merc...@selenic.com
On Fri, 2010-05-14 at 10:41 +0100, Paul Crowley wrote:
> mercurial-server currently contains code in checkParents that explicitly
> prevents you from creating a repo in a subdirectory of another repo. I
> just received an email from someone showing that removing this explicit
> check makes mercurial-server work better with subrepos. Are there any
> security issues I should worry about before removing this check? Thanks!
Not that I know of.
> mercurial-server currently contains code in checkParents that explicitly
> prevents you from creating a repo in a subdirectory of another repo. I
> just received an email from someone showing that removing this explicit
> check makes mercurial-server work better with subrepos. Are there any
> security issues I should worry about before removing this check? Thanks!
--
Mathematics is the supreme nostalgia of our time.
Kurt Granroth
May 15, 2010, 1:26:42 AM5/15/10
to merc...@selenic.com
On 5/14/10 2:41 AM, Paul Crowley wrote:
> mercurial-server currently contains code in checkParents that explicitly
> prevents you from creating a repo in a subdirectory of another repo. I
> just received an email from someone showing that removing this explicit
> check makes mercurial-server work better with subrepos. Are there any
> security issues I should worry about before removing this check? Thanks!
FWIW, disabling the checkParents code is the very first thing I do when
> mercurial-server currently contains code in checkParents that explicitly
> prevents you from creating a repo in a subdirectory of another repo. I
> just received an email from someone showing that removing this explicit
> check makes mercurial-server work better with subrepos. Are there any
> security issues I should worry about before removing this check? Thanks!
updating our mercurial-server installation (nested mq repos don't work
with it) and everything has been fine.
What kind of security issues are you thinking of?
Paul Crowley
May 18, 2010, 8:10:01 AM5/18/10
to merc...@selenic.com
On 15/05/10 06:26, Kurt Granroth wrote:
> FWIW, disabling the checkParents code is the very first thing I do when
> updating our mercurial-server installation (nested mq repos don't work
> with it) and everything has been fine.
>
> What kind of security issues are you thinking of?
I'm worried about attacks based on mixing up repositories and repository
> FWIW, disabling the checkParents code is the very first thing I do when
> updating our mercurial-server installation (nested mq repos don't work
> with it) and everything has been fine.
>
> What kind of security issues are you thinking of?
contents, in either direction: checking in a directory called ".hg" with
repository-like subdirectories and relying on mercurial-server treating
it like a repository when it's checked out, or conversely appearing to
add files to a repository when what you're really adding is a new
repository.
The "hgadmin" repo is automatically updated to tip every time it's
pushed to, after which it gets used in refresh-auth. So one worry would
be that a malicious party could add keys to the keys directory by
cloning in a new repository within the "keys" subdirectory.
Perhaps it is a mistake for the hgadmin repository to be checked out "in
place" - perhaps I should use separate instances of it for sharing and
for accessing the contents? Or possibly hg already has safeguards
against the sort of problem I'm worrying about?
Reply all
Reply to author
Forward
0 new messages