On Mon, Aug 5, 2013 at 12:22 PM, Stefan Küng <tortoisesvn_at_gmail.com> wrote:
> On 05.08.2013 18:15, Ben Fritz wrote:
>>
>> Can I specify a repository path to a file NOT in the working copy, and
>> have it run as a hook script? Or do I need to stick it on a common
>> network share or something like that?
>
> Sorry, no. That would be a big security issue since then TSVN would
> actually execute potentially dangerous and/or malicious code.
> At least by only executing script that are in the repository and the
> working copy we can assume that you need at least commit access to the
> repo to have something execute.
>
Sure...but the commit access argument also applies to files in the
repository but not the current working copy. E.g. if I have:
/repo/trunk/file1
/repo/trunk/hook1.bat
/repo/tools/clienthooks/hook2.bat
Then why is running hook1 any more secure than running hook2?
For that matter, I see from
http://tortoisesvn.net/docs/release/TortoiseSVN_en/tsvn-dug-settings.html
that I can't use UNC paths, but I guess anything on the C: drive or
any mapped network drives would be fair game; that's not too secure
either. Anyway, http://tortoisesvn.net/tsvn_1.8_releasenotes.html says
TSVN will ask the user first before running.
As a workaround assume I can do:
:: Wrapper bat file
@echo off
svn cat http://example.com/repo/tools/clienthooks/hook2.bat > hook_script.bat
call hook_script.bat
del hook_script.bat
:: end wrapper bat file
But this just seems silly.
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3062085
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2013-08-05 19:54:48 CEST