Re: [PATCH] Explicitly set PATH in the template hook scripts

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: 2004-10-28 19:02:05 CEST

On Tue, 2004-10-26 at 01:04, Peter S. Housel wrote:
> I think SVN_BINARY_DIR ":/bin:/usr/bin" is as a good a default setting
> as any. Since the file that's being generated is just a template, the
> PATH setting can be easily changed if it's not valid for the given
> installation.

Not a very reassuring argument.

> > Perhaps SVN_BINARY_DIR ":$PATH" would be a better choice?
>
> That would defeat part of the purpose of setting it in the first place;
> it might allow people to circumvent tests in (arguably sloppily-written)
> hook scripts by passing in a weird PATH.

Hooks are only run on the server. If the client controls the execution
environment of the server process (using file: access or using svn+ssh:
access with a full shell account), then the user can circumvent hook
scripts in other ways.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Oct 28 19:02:45 2004

This message: [ Message body ]
Next message: Peter N. Lundblad: "Re: svn commit: r11439 - trunk/subversion/libsvn_client"
Previous message: Ben Collins-Sussman: "Re: svn commit: r11648 - trunk/doc/translations/german/book"
In reply to: Peter S. Housel: "Re: [PATCH] Explicitly set PATH in the template hook scripts"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]