dispatch: protect against malicious 'hg serve --stdio' invocations (sec)

Some shared-ssh installations assume that 'hg serve --stdio' is a safe command to run for minimally trusted users. Unfortunately, the messy implementation of argument parsing here meant that trying to access a repo named '--debugger' would give the user a pdb prompt, thereby sidestepping any hoped-for sandboxing.

Serving repositories over HTTP(S) is unaffected.

We're not currently hardening any subcommands other than 'serve'. If your service exposes other commands to users with arbitrary repository names, it is imperative that you defend against repository names of '--debugger' and anything starting with '--config'.

The read-only mode of hg-ssh stopped working because it provided its hook configuration to "hg serve --stdio" via the --config parameter. This is banned for security reasons now. This patch switches it to directly call ui.setconfig().

If your custom hosting infrastructure relies on passing --config to "hg serve --stdio", you'll need to find a different way to get that configuration into Mercurial, either by using ui.setconfig() as hg-ssh does in this patch, or by placing an hgrc file someplace where Mercurial will read it.

mitrandir@fb.com provided some extra fixes for the dispatch code and for hg-ssh in places that I overlooked.
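The commit message above puts the burden on SSH hosting wrappers: whatever reaches `hg serve --stdio` must not let a "repository name" turn into an option. The following is an added example of the check such a wrapper should do before it exec's Mercurial; it is not hg-ssh's code and not part of the Mercurial change shown on this page. It assumes the wrapper receives the client's command line in `SSH_ORIGINAL_COMMAND`, that the only accepted shape is `hg -R <repo> serve --stdio`, and that served repositories live under a whitelist of root directories (the function names, the `RejectedCommand` exception and the `/srv/hg` root are constructed for the example).

```python
import os
import shlex


class RejectedCommand(Exception):
    """The client's command is not an allowed 'hg -R <repo> serve --stdio' call."""


def parse_serve_command(ssh_original_command, allowed_roots):
    """Validate the forced-command line a client sent and return the repo path.

    Hypothetical wrapper helper (not hg-ssh's). It refuses anything that is
    not exactly 'hg -R <repo> serve --stdio', refuses repository names that
    look like options (so '--debugger' or '--config ...' never reach
    Mercurial's own argument parser), and confines the path to allowed_roots.
    """
    try:
        argv = shlex.split(ssh_original_command)
    except ValueError as e:
        raise RejectedCommand("unparseable command: %s" % e)

    # Exact shape only: five tokens, fixed positions. Any extra token such as
    # '--config hooks.x=y' or a trailing '--debugger' fails this test.
    if (len(argv) != 5 or argv[0] != "hg" or argv[1] != "-R"
            or argv[3:] != ["serve", "--stdio"]):
        raise RejectedCommand("unexpected command shape: %r" % (argv,))

    repo = argv[2]
    # A name beginning with '-' is the case the commit message warns about:
    # reject it in the wrapper rather than relying on the server's parser.
    if not repo or repo.startswith("-"):
        raise RejectedCommand("repository name looks like an option: %r" % repo)

    # Canonicalise so '..' and symlinks cannot escape the permitted roots.
    real = os.path.realpath(repo)
    for root in allowed_roots:
        root_real = os.path.realpath(root)
        if real == root_real or real.startswith(root_real + os.sep):
            return real
    raise RejectedCommand("repository outside allowed roots: %r" % repo)


def build_server_argv(repo_path):
    """Argv the wrapper would exec. Only the validated path is interpolated;
    the wrapper never forwards client-supplied options, and any configuration
    (e.g. read-only hooks) is applied in-process, as the commit message says
    hg-ssh now does with ui.setconfig(), not via '--config'."""
    return ["hg", "-R", repo_path, "serve", "--stdio"]


def is_allowed_serve_command(ssh_original_command, allowed_roots):
    """Boolean convenience form of parse_serve_command for policy checks."""
    try:
        parse_serve_command(ssh_original_command, allowed_roots)
    except RejectedCommand:
        return False
    return True


if __name__ == "__main__":
    # Constructed inputs: one legitimate request and the shapes a wrapper must
    # refuse. Real wrappers read os.environ["SSH_ORIGINAL_COMMAND"] instead.
    roots = ["/srv/hg"]
    for cmd in ["hg -R /srv/hg/project serve --stdio",
                "hg -R --debugger serve --stdio",
                "hg -R /srv/hg/project --config hooks.pretxnopen=x serve --stdio",
                "hg -R /srv/hg/../etc serve --stdio",
                "hg -R /srv/hg/project serve --stdio --debugger"]:
        print("%-70s %s" % (cmd, "allowed" if is_allowed_serve_command(cmd, roots) else "rejected"))
```

The important design point is positional matching: the wrapper decides what the command is before Mercurial ever sees it, so the server-side hardening in this commit becomes a second layer rather than the only one.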

File last commit:

r29235:1f5052d3 default
r32050:77eaf953 4.1.3 stable
hg
45 lines | 1.2 KiB | text/plain | TextLexer
Annotations (revision, author, commit summary):

r0      mpm@selenic.com                     Add back links from file revisions to changeset revisions...
r1698   Matt Mackall                        Update copyright notice
r4635   Thomas Arendsen Hein                Updated copyright notices and add "and others" to "hg version"
r5178   Matt Mackall                        dispatch: move command dispatching into its own module...
r5197   Thomas Arendsen Hein                Enable demandimport only in scripts, not in importable modules (issue605)...
r5531   Patrick Mezard                      Change standard streams mode to binary at hg startup...
r7672   Matt Mackall                        Give a useful message about PYTHONPATH if startup fails
r8225   Martin Geisler                      updated license to be explicit about GPL version 2
r10263  Matt Mackall                        Update license to GPLv2+
r12661  Dan Villiom Podlaski Christiansen   setup/hg: always load Mercurial from where it was installed....
r12805  L. David Baron                      setup/hg: handle hg being a symlink when appending relative libdir to sys.path...
r14233  Adrian Buehlmann                    rename util.set_binary to setbinary
r21812  Augie Fackler                       hg: add support for HGUNICODEPEDANTRY environment variable...
r29172  timeless                            hg: limit HGUNICODEPEDANTRY to py2...
r29235  timeless                            hg: disable demandimport for py3

Annotated source of hg (each line prefixed with the revision that last changed it):

r0      #!/usr/bin/env python
r0      #
r1698   # mercurial - scalable distributed SCM
r0      #
r4635   # Copyright 2005-2007 Matt Mackall <mpm@selenic.com>
r0      #
r8225   # This software may be used and distributed according to the terms of the
r10263  # GNU General Public License version 2 or any later version.
r0
r12661  import os
r12661  import sys
r12661
r21812  if os.environ.get('HGUNICODEPEDANTRY', False):
r29172      try:
r29172          reload(sys)
r29172          sys.setdefaultencoding("undefined")
r29172      except NameError:
r29172          pass
r21812
r12661  libdir = '@LIBDIR@'
r12661
r12661  if libdir != '@' 'LIBDIR' '@':
r12661      if not os.path.isabs(libdir):
r12805          libdir = os.path.join(os.path.dirname(os.path.realpath(__file__)),
r12805                                libdir)
r12661          libdir = os.path.abspath(libdir)
r12661      sys.path.insert(0, libdir)
r12661
r5197   # enable importing on demand to reduce startup time
r7672   try:
r29235      if sys.version_info[0] < 3:
r29235          from mercurial import demandimport; demandimport.enable()
r7672   except ImportError:
r7672       sys.stderr.write("abort: couldn't find mercurial libraries in [%s]\n" %
r7672                        ' '.join(sys.path))
r7672       sys.stderr.write("(check your install and PYTHONPATH)\n")
r7672       sys.exit(-1)
r5197
r5531   import mercurial.util
r5178   import mercurial.dispatch
r5531
r5531   for fp in (sys.stdin, sys.stdout, sys.stderr):
r14233      mercurial.util.setbinary(fp)
r5531
r5178   mercurial.dispatch.run()