Re: Updating a live website with a post-commit hook script

From: Les Mikesell <lesmikesell_at_gmail.com>
Date: 2006-07-01 03:18:12 CEST

On Fri, 2006-06-30 at 20:05, Nico Kadel-Garcia wrote:
> >
> > Wow. That is truly ugly. If an admin can't control PATH being used
> > by the hook scripts then there are problems well beyond security.
> > Because I can't believe that someone would feel there is a need to
> > purge PATH by design. That just feels so wrong to me.
>
> Hmm. Since many subversion tools operate as different users at different
> times, depending on whether they're run through Apache, svnserver, or the
> local filesystem, it's not safe to assume that any or all of these people
> have sane PATH settings. Better safe than sorry, I think.

So what's safe? Unless you are the only admin on the box,
second-guessing where binaries live doesn't sound safe to
me. Sourcing /etc/profile if it exists might work in
a lot of places.

-- 
  Les Mikesell
   lesmikesell@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Received on Sat Jul 1 03:17:24 2006

This message: [ Message body ]
Next message: Totok Sulistiomono: "Re: TortoiseSvn for Linux"
Previous message: Bob Proulx: "Re: Updating a live website with a post-commit hook script"
In reply to: Nico Kadel-Garcia: "Re: Updating a live website with a post-commit hook script"
Next in thread: Nico Kadel-Garcia: "Re: Updating a live website with a post-commit hook script"
Reply: Nico Kadel-Garcia: "Re: Updating a live website with a post-commit hook script"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]