RE: Hook scripts start with an empty environment
From: Bert Huijben <bert_at_qqmail.nl>
Date: Wed, 24 Mar 2010 09:27:56 +0100
> -----Original Message-----
This behavior is by design.
Repository hooks run as the 'repository owner' and clearing the environment is part of the security around that feature.
I'm a bit surprised that you actually see a passphrase prompt from a hook, as the hook environment redirects stdin, stdout and stderr to the server process. The only prompt you should be able to see is the prompt for starting the ssh process. (And this ssh isn't called via the function you tried to patch)
If we would forward the environment hook scripts, the scripts might accidentally use environment variables from the calling process without the user knowing. Which opens a backdoor for all kinds of malware/abusal. And it would also make it very hard to create hook scripts that work identical for all repository users.
This is an archived mail posted to the Subversion Dev mailing list.