Stefan Küng wrote:
> Joseph Galbraith wrote:
>> Stefan Küng wrote:
>>> Hi,
>>>
>>> I'm currently trying to implement issue #137:
>>> http://tortoisesvn.net/issues/?do=details&id=137
>>>
>>> But now I have some problems where I hope you can help me out with
>>> some ideas:
>>>
>>> If the hook scripts are configured via project properties (i.e. like
>>> the bugtraq properties), how should we define the path to the script?
>>> To avoid security issues, I want to force the scripts to be inside
>>> the working copy. But with project properties, you can't define an
>>> absolute path to a script, and relative paths don't really work
>>> because the user can start TortoiseProc from any directory.
>>
>> You could say that relative is relative to the folder that has
>> the property set rather than relative to the current directory
>> of TortoiseProc.
>
> Ok, but if we do that, then users will (rightfully) complain that it is
> a real pain in the ass to set the properties on all folders - because
> all folders will have different relative paths. So that's not really an
> option.

Hmmm... I thought that when we looked for a TSVN property,
we traversed the directory tree to the top of the wc looking
for the property, and stopped on the first directory that has it?

If we applied that logic, and the user did a commit
in c:\wc\x\y\z, we'd look in c:\wc\x\y\z first, then
c:\wc\x\y, then c:\wc\x and so on.

If the tsvn:my-hook property was set to a/b/c.pl on
c:\wc, then we'd use c:\wc as the default path and
a/b/c.pl as the relative path, leading to:

c:\wc\a\b\c.pl as the hook-script.

Would this work? Or am I majorly confused?

Another alternative would be to use the global config
to give hook-scripts names:

my-hook = c:\bin\xyzzy

and then have the property refer to 'my-hook' instead
of c:\bin\xyzzy

That does require every client to be configured-- but
then again, I'm not sure that is a bad thing. That
would definitely reduce the security concerns if the
hook had to be listed in the global config and what was
actually run was controlled there rather than in the
repository.

Thanks,

Joseph

>>> If however we configure the hook scripts with e.g. a global config
>>> file or in the settings dialog, then they won't be 'project only' (we
>>> could find a way around that, but it would be *very ugly* UI wise),
>>> and then each user would have to configure them him/herself.
>>>
>>> So, what's the best way to go here? Any ideas on how to specify a
>>> path to the scripts when using project properties?
>>
>> Even forcing the hook script to be inside the WC still
>> seems dangerous to me-- what if someone hacked a
>> repository and committed both the property and a
>> malicious script.
>>
>> I think probably, rather than insisting that the script
>> be in the working copy, the user should be prompted before
>> the script is run, something like this:
>>
>> There is a hook-script configured for this action, which
>> may provide increased functionality or improved error
>> handling for this repository.
>>
>> Hook-scripts can modify your system in undesired ways; one
>> should use caution about allowing hook scripts to run,
>> especially from a public repository.
>>
>> _Always run this script_ _Run script_ _Don't Run_
>>
>> (And there should probably be a global option to say don't
>> ever run hooks.)
>
> Good idea.
>
> Stefan
>
Received on Thu Aug 31 21:44:52 2006
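
The two resolution schemes discussed in the message above, as an added example that is not part of the original thread and not TortoiseSVN code: the upward property lookup with the relative path anchored at the directory that sets the property, and the named-hook lookup in a client-side config. The function names, the containment check and the dictionaries standing in for properties and config are assumptions; the paths, `tsvn:my-hook` and `my-hook = c:\bin\xyzzy` are taken from the message.

```python
import ntpath  # Windows path semantics, usable on any OS

def _norm(p):
    return ntpath.normcase(ntpath.normpath(p))

def is_inside(path, root):
    """True if path is root or lies below it once '..' is collapsed."""
    path, root = _norm(path), _norm(root)
    return path == root or path.startswith(root.rstrip("\\") + "\\")

def find_property(start_dir, wc_root, props):
    """Walk from start_dir up to wc_root; return (dir, value) for the
    first directory that carries the property, else None."""
    table = {_norm(d): v for d, v in props.items()}
    cur, root = _norm(start_dir), _norm(wc_root)
    while is_inside(cur, root):
        if cur in table:
            return cur, table[cur]
        if cur == root:
            break
        cur = ntpath.dirname(cur)
    return None

def resolve_in_wc(commit_dir, wc_root, props):
    """Property value is a path relative to the directory that sets it."""
    hit = find_property(commit_dir, wc_root, props)
    if hit is None:
        return None
    base, rel = hit
    candidate = ntpath.normpath(ntpath.join(base, rel))
    if not is_inside(candidate, wc_root):  # '..', drive or rooted values
        raise ValueError("hook path escapes the working copy: " + rel)
    return candidate

def resolve_named(prop_value, global_hooks):
    """Property value is only a name; the client config decides what runs.
    Unknown names resolve to None, so nothing is run."""
    return global_hooks.get(prop_value)

# Constructed sample data using the paths from the message.
WC_ROOT = r"c:\wc"
PROPS = {r"c:\wc": "a/b/c.pl"}               # tsvn:my-hook set on the wc root
GLOBAL_HOOKS = {"my-hook": r"c:\bin\xyzzy"}  # client-side config

if __name__ == "__main__":
    print(resolve_in_wc(r"c:\wc\x\y\z", WC_ROOT, PROPS))
    print(resolve_named("my-hook", GLOBAL_HOOKS))
```

The containment check only keeps the resolved path under the working copy; it says nothing about whether a script committed there is trustworthy, which is the case the named-hook lookup and the confirmation prompt address.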