symlink behaviour?
Locked
 
|
Hi,
I recently learned of the nice symlink behaviour in rsync, more specifically the distinction between safe and unsafe symlinks. > Symbolic links are considered unsafe if they are : > absolute symlinks (start with /), > empty, or > if they contain enough “..” components to ascend from the directory being copied. Does mercurial also support a similar notion of safe and unsafe symlinks? I.e. symlink that point to files not in the repository? 'hg help add' doesn mention it and I don't really find any documentation regarding this. Or any other *official* documentation with respect to symlink behaviour. The only information that I did find was in revision messages and some bug reports, but they didn't really clear the confusion for me. with kind regards, Jeroen _______________________________________________ Mercurial mailing list [hidden email] http://selenic.com/mailman/listinfo/mercurial |
|
|
a small test didn't really report anything when creating unsafe symlinks :-(
example: % cd /tmp % mkdir testHgsymlinkbehaviour % cd testHgsymlinkbehaviour % touch fileA % mkdir hgrepo % cd hgrepo % hg init % touch fileB % hg add adding fileB % hg ci -m ' commit 1 ' % ln -s fileB symlinkToB % ln -s ../fileA symlinkToExternalFileA % hg add % hg st A symlinkToB A symlinkToExternalFileA % hg ci -m "added some symlinks" symlinkToB | 1 + symlinkToExternalFileA | 1 + 2 files changed, 2 insertions(+), 0 deletions(-) % cd ../ % hg clone --pull hgrepo pulledRepo requesting all changes adding changesets adding manifests adding file changes added 2 changesets with 3 changes to 3 files updating to branch default 3 files updated, 0 files merged, 0 files removed, 0 files unresolved jeroendv@zadeh /tmp/testHgsymlinkbehaviour % cd pulledRepo % ls -l total 0 -rw-rw-r-- 1 jeroendv jeroendv 0 2012-01-06 13:23 fileB lrwxrwxrwx 1 jeroendv jeroendv 5 2012-01-06 13:23 symlinkToB -> fileB lrwxrwxrwx 1 jeroendv jeroendv 8 2012-01-06 13:23 symlinkToExternalFileA -> ../fileA Jeroen On Fri, Jan 6, 2012 at 1:49 PM, Jeroen De Vlieger <[hidden email]> wrote: Hi, _______________________________________________ Mercurial mailing list [hidden email] http://selenic.com/mailman/listinfo/mercurial |
|
|
In reply to this post by Jeroen De Vlieger
On Fri, 2012-01-06 at 13:49 +0100, Jeroen De Vlieger wrote:
> Hi, > > I recently learned of the nice symlink behaviour in rsync, more > specifically the distinction between safe and unsafe symlinks. > > > Symbolic links are considered unsafe if they are : > > absolute symlinks (start with /), > > empty, or > > if they contain enough “..” components to ascend from the directory > being copied. > > > Does mercurial also support a similar notion of safe and unsafe symlinks? > I.e. symlink that point to files not in the repository? No, we support a completely different notion of safe and unsafe links. First, consider that the primary purpose of Mercurial is to distribute source code across the internet. If you -run- untrusted source code, any security measure we could possibly create is instantly irrelevant. Once you type 'make', it's game over. So that limits Mercurial's security scope to things like allowing users to safely check out and inspect code before running it. For instance, we take care to avoid traversing symlinks when checking out files, as that could allow a hostile repo to install hostile hooks on checkout. Here's the core of our path auditing rules: http://www.selenic.com/hg/file/f15c646bffc7/mercurial/scmutil.py#l61 -- Mathematics is the supreme nostalgia of our time. _______________________________________________ Mercurial mailing list [hidden email] http://selenic.com/mailman/listinfo/mercurial |
|
|
On Fri, Jan 6, 2012 at 10:16 PM, Matt Mackall <[hidden email]> wrote:
> On Fri, 2012-01-06 at 13:49 +0100, Jeroen De Vlieger wrote: >> Hi, >> >> I recently learned of the nice symlink behaviour in rsync, more >> specifically the distinction between safe and unsafe symlinks. >> >> > Symbolic links are considered unsafe if they are : >> > absolute symlinks (start with /), >> > empty, or >> > if they contain enough “..” components to ascend from the directory >> being copied. >> >> >> Does mercurial also support a similar notion of safe and unsafe symlinks? >> I.e. symlink that point to files not in the repository? > > No, we support a completely different notion of safe and unsafe links. > > First, consider that the primary purpose of Mercurial is to distribute > source code across the internet. If you -run- untrusted source code, any > security measure we could possibly create is instantly irrelevant. Once > you type 'make', it's game over. > > So that limits Mercurial's security scope to things like allowing users > to safely check out and inspect code before running it. For instance, we > take care to avoid traversing symlinks when checking out files, as that > could allow a hostile repo to install hostile hooks on checkout. > > Here's the core of our path auditing rules: > > http://www.selenic.com/hg/file/f15c646bffc7/mercurial/scmutil.py#l61 > > Thanks for the fast response, Would it make sense to print a 'warning' if the user tries to add a symlink that doesn't point to a file in the same repo? I would argue that is would help to keep your project local. meaning that a simple archive would actually contain the complete working project. Which is not the case if you'r project contains symlinks to external files. It *would* make sense for my -admittedly small- personal projects. I don't really have a lot experience with large scale projects with lots of contributors though :-s Jeroen _______________________________________________ Mercurial mailing list [hidden email] http://selenic.com/mailman/listinfo/mercurial |
|
|
On Sun, Jan 08, 2012 at 09:00:52AM +0100, Jeroen De Vlieger wrote:
> On Fri, Jan 6, 2012 at 10:16 PM, Matt Mackall <[hidden email]> wrote: > > On Fri, 2012-01-06 at 13:49 +0100, Jeroen De Vlieger wrote: > >> Hi, > >> > >> I recently learned of the nice symlink behaviour in rsync, more > >> specifically the distinction between safe and unsafe symlinks. > >> > >> > Symbolic links are considered unsafe if they are : > >> > absolute symlinks (start with /), > >> > empty, or > >> > if they contain enough “..” components to ascend from the directory > >> being copied. > >> > >> > >> Does mercurial also support a similar notion of safe and unsafe symlinks? > >> I.e. symlink that point to files not in the repository? > > > > No, we support a completely different notion of safe and unsafe links. > > > > First, consider that the primary purpose of Mercurial is to distribute > > source code across the internet. If you -run- untrusted source code, any > > security measure we could possibly create is instantly irrelevant. Once > > you type 'make', it's game over. > > > > So that limits Mercurial's security scope to things like allowing users > > to safely check out and inspect code before running it. For instance, we > > take care to avoid traversing symlinks when checking out files, as that > > could allow a hostile repo to install hostile hooks on checkout. > > > > Here's the core of our path auditing rules: > > > > http://www.selenic.com/hg/file/f15c646bffc7/mercurial/scmutil.py#l61 > > Thanks for the fast response, > > Would it make sense to print a 'warning' if the user tries to add a > symlink that doesn't point to a file in the same repo? > > I would argue that is would help to keep your project local. meaning > that a simple archive would actually contain the complete working > project. Which is not the case if you'r project contains symlinks to > external files. It *would* make sense for my -admittedly small- > personal projects. I don't really have a lot experience with large > scale projects with lots of contributors though :-s Probably not. There are no doubt tons of people using symlinks outside their tree, especially with people versioning their home directory or /etc directories. -- Mathematics is the supreme nostalgia of our time. _______________________________________________ Mercurial mailing list [hidden email] http://selenic.com/mailman/listinfo/mercurial |
«
Return to General
|
1 view|%1 views
| Free forum by Nabble | Edit this page |