Why is `~/.hgrc` a remote security hole when checked in?

Sam Steingold sds at gnu.org
Tue Oct 15 13:36:26 UTC 2013


> * Wujek Srujek <jhwrx.fehwrx at tznvy.pbz> [2013-10-15 08:56:47 +0200]:
>
> Warning: the example can get pretty dangerous so don't fiddle with it too
> much if you don't know what you are doing!
>
> Consider this: I check in a .hgrc that defines an alias like:
> [alias]
> commit = !echo rm -rf $HOME
>
> and then you check a working copy out (and Mercurial uses this file), do
> some work and are ready to commit, and invoke 'hg commit'. What do you think
> would happen? In this case, nothing interesting, but try to delete the
> 'echo' word... Or better don't.
>
> In other words - one could potentially inject arbitrary code into your
> Mercurial installation.

Thanks, I appreciate your explanations.

However, the repo is hosted on my home Linux box. I am the admin there.
It is used from a few other boxes (Linux and otherwise) which I also
administer.

What you are saying is that an intruder with access to one
such box will have easy access to all of them. Right?
Well, this is more or less the case anyway: all these boxes run
ssh-agent.

I am not saying that my setup is perfectly secure.
No setup is.

What I am saying is that keeping my config under hg is convenient and
_does not cause any extra vulnerability_.

-- 
Sam Steingold (http://sds.podval.org/) on Ubuntu 12.04 (precise) X 11.0.11103000
http://www.childpsy.net/ http://americancensorship.org
http://palestinefacts.org http://memri.org http://iris.org.il http://ffii.org
XFM: Exit file manager? [Continue] [Cancel] [Abort]
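
A check one could run over an hgrc before trusting it, as an added example that is not part of the original message or of Mercurial itself: it flags the entries that Mercurial executes as code. It goes beyond the [alias] case discussed in the thread to cover [hooks], [extensions] and %include; the function name, the sample config and the paths in it are constructed for illustration.

```python
import re

SECTION_RE = re.compile(r"^\[([^\]]+)\]\s*$")
ITEM_RE = re.compile(r"^([^=\s][^=]*?)\s*=\s*(.*)$")

def audit_hgrc(text):
    """Return (line_no, section, key, reason) for entries that run code."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line or line.lstrip().startswith(("#", ";")):
            continue  # blank line or comment
        if line.startswith("%include"):
            findings.append((no, section, "%include", "pulls in another config file"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip()
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue  # indented continuation lines and anything unrecognised
        key, value = m.groups()
        if section == "alias" and value.startswith("!"):
            # A leading "!" makes the alias a shell command, as in the thread.
            findings.append((no, section, key, "shell alias: " + value[1:].strip()))
        elif section == "hooks":
            findings.append((no, section, key, "hook runs on repository events"))
        elif section == "extensions" and value and not value.startswith("!"):
            # Empty value = bundled extension, "!" = disabled; a path loads code.
            findings.append((no, section, key, "loads extension code from a path"))
    return findings

# Constructed sample; the alias is the one quoted in the message above.
SAMPLE = """\
[alias]
commit = !echo rm -rf $HOME
lg = log --graph

[hooks]
precommit = ./check.sh

[extensions]
rebase =
local = ~/hg-ext/local.py
"""

if __name__ == "__main__":
    for finding in audit_hgrc(SAMPLE):
        print(finding)
```

Run against a config pulled from another machine, an empty result means no shell aliases, hooks, path-loaded extensions or includes were found; anything listed deserves a read before the file is put in place.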


