Bob Proulx wrote:
> Ryan Schmidt wrote:
>> Bob Proulx wrote:
>>> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
>>> That looks like the same PATH that is in effect for apache. I am
>>> sure it is being inherited, just as desired.
>>
>> According to the documentation, the path should be empty:
>>
>> http://svnbook.red-bean.com/nightly/en/svn.reposadmin.create.html#svn.reposadmin.create.hooks
>>
>>> For security reasons, the Subversion repository executes hook
>>> scripts with an empty environment—that is, no environment variables
>>> are set at all, not even $PATH or %PATH%. Because of this, a lot of
>>> administrators are baffled when their hook script runs fine by
>>> hand, but doesn't work when run by Subversion. Be sure to
>>> explicitly set environment variables in your hook and/or use
>>> absolute paths to programs.
>
> Wow. That is truly ugly. If an admin can't control PATH being used
> by the hook scripts then there are problems well beyond security.
> Because I can't believe that someone would feel there is a need to
> purge PATH by design. That just feels so wrong to me.
Hmm. Since many subversion tools operate as different users at different
times, depending on whether they're run through Apache, svnserver, or the
local filesystem, it's not safe to assume that any or all of these people
have sane PATH settings. Better safe than sorry, I think.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Jul 1 03:06:12 2006