[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Updating a live website with a post-commit hook script

From: Les Mikesell <lesmikesell_at_gmail.com>
Date: 2006-07-01 03:18:12 CEST

On Fri, 2006-06-30 at 20:05, Nico Kadel-Garcia wrote:
> >
> > Wow. That is truly ugly. If an admin can't control PATH being used
> > by the hook scripts then there are problems well beyond security.
> > Because I can't believe that someone would feel there is a need to
> > purge PATH by design. That just feels so wrong to me.
>
> Hmm. Since many subversion tools operate as different users at different
> times, depending on whether they're run through Apache, svnserver, or the
> local filesystem, it's not safe to assume that any or all of these people
> have sane PATH settings. Better safe than sorry, I think.

So what's safe? Unless you are the only admin on the box,
second-guessing where binaries live doesn't sound safe to
me. Sourcing /etc/profile if it exists might work in
a lot of places.

-- 
  Les Mikesell
   lesmikesell@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Jul 1 03:17:24 2006

This is an archived mail posted to the Subversion Users mailing list.