[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Can client-side hooks run a script not in working copy?

From: Ben Fritz <fritzophrenic_at_gmail.com>
Date: Mon, 5 Aug 2013 12:54:23 -0500

On Mon, Aug 5, 2013 at 12:22 PM, Stefan Küng <tortoisesvn_at_gmail.com> wrote:
> On 05.08.2013 18:15, Ben Fritz wrote:
>> Can I specify a repository path to a file NOT in the working copy, and
>> have it run as a hook script? Or do I need to stick it on a common
>> network share or something like that?
> Sorry, no. That would be a big security issue since then TSVN would
> actually execute potentially dangerous and/or malicious code.
> At least by only executing script that are in the repository and the
> working copy we can assume that you need at least commit access to the
> repo to have something execute.

Sure...but the commit access argument also applies to files in the
repository but not the current working copy. E.g. if I have:


Then why is running hook1 any more secure than running hook2?

For that matter, I see from
that I can't use UNC paths, but I guess anything on the C: drive or
any mapped network drives would be fair game; that's not too secure
either. Anyway, http://tortoisesvn.net/tsvn_1.8_releasenotes.html says
TSVN will ask the user first before running.

As a workaround assume I can do:

:: Wrapper bat file
@echo off
svn cat http://example.com/repo/tools/clienthooks/hook2.bat > hook_script.bat
call hook_script.bat
del hook_script.bat
:: end wrapper bat file

But this just seems silly.


To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2013-08-05 19:54:48 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.