Why is `~/.hgrc` a remote security hole when checked in?

Wujek Srujek wujek.srujek at gmail.com
Tue Oct 15 06:56:47 UTC 2013


Warning: the example can get pretty dangerous so don't fiddle with it too
much if you don't know what you are doing!

Consider this: I check in a .hgrc that defines an alias like:
[alias]
commit = !echo rm -rf $HOME

and then you check a working copy out (and mercurial uses this file), do
some work and are ready to commit, and invoke 'hg commit'. What do you think
would happen? In this case, nothing interesting, but try to delete the
'echo' word... Or better don't.

In other words - one could potentially inject arbitrary code into your
mercurial installation.

wujek


On Tue, Oct 15, 2013 at 7:42 AM, Dirk Heinrichs <dhs at recommind.com> wrote:

> On 14.10.2013 23:45, Sam Steingold wrote:
>
> > I was told on http://bz.selenic.com/show_bug.cgi?id=3147
> > that `~/.hgrc` is a remote security hole when checked in.
>
> Being a security hole or not, it's considered bad habit to mess with
> users' config files. If you want to provide a default configuration for
> everyone, /etc is the place to put it in.
>
> Bye...
>
>     Dirk
> --
>
> *Dirk Heinrichs*, Senior Systems Engineer, Infrastructure
> *Recommind GmbH*, Von-Liebig-Straße 1, 53359 Rheinbach
> *Tel*: +49 2226 1596666 1149
> *Email*: dhs at recommind.com
> *Skype*: dirk.heinrichs.recommind
> www.recommind.com
>
> _______________________________________________
> Mercurial mailing list
> Mercurial at selenic.com
> http://selenic.com/mailman/listinfo/mercurial
>
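As an added illustration (not part of the thread, and not Mercurial's own code), here is a small audit check a reviewer could run over an hgrc file before letting it take effect: it parses the file and lists every entry that makes hg execute something, i.e. shell aliases (values starting with "!") in [alias], all [hooks] entries, and [extensions] entries. The sample hgrc is constructed for the demo and reuses the alias from the message above; the %include handling and the choice of sections are assumptions of this example.

```python
import configparser
from typing import List, Tuple

# Sections whose values cause Mercurial to run code: "!" aliases are shell
# commands, hooks are shell commands or python callables, extensions are
# Python modules loaded at startup. (Assumption of this example.)
RISKY_SECTIONS = {"alias", "hooks", "extensions"}

# Constructed sample hgrc: one harmless alias, the shell alias from the
# thread, and a hook that runs a script from the working copy.
SAMPLE_HGRC = """\
%include ~/.hgrc.local
[ui]
username = Example User <user@example.invalid>
[alias]
lg = log --graph
commit = !echo rm -rf $HOME
[hooks]
precommit.check = sh ./scripts/check.sh
"""


def load_hgrc(text: str) -> configparser.ConfigParser:
    """Parse hgrc text with the stdlib INI parser.

    Mercurial-specific %include / %unset directive lines are dropped, and
    interpolation is disabled so values like '$HOME' are kept verbatim.
    """
    cleaned = "\n".join(l for l in text.splitlines() if not l.startswith("%"))
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str  # hg alias and hook names are case-sensitive
    cp.read_string(cleaned)
    return cp


def find_code_execution(text: str) -> List[Tuple[str, str, str]]:
    """Return (section, key, value) for every entry that makes hg run code."""
    cp = load_hgrc(text)
    findings = []
    for section in cp.sections():
        if section not in RISKY_SECTIONS:
            continue
        for key, value in cp.items(section):
            if section == "alias" and not value.lstrip().startswith("!"):
                continue  # plain alias: just another hg command line, no shell
            findings.append((section, key, value))
    return findings


if __name__ == "__main__":
    for sec, key, val in find_code_execution(SAMPLE_HGRC):
        print(f"[{sec}] {key} = {val}")
```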