All patches and comments are welcome. Please squash your changes to logical
commits before using git-format-patch and git-send-email to
patches@git.madduck.net.
If you'd read over the Git project's submission guidelines and adhered to them,
I'd be especially grateful.
summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
0330754)
All mrconfig files except the main ~/.mrconfig are now untrusted by
default, until listed in ~/.mrtrust.
-* For compatability, ~/.mrtrust has to exist before trust checks are
- enabled. Change this in a flag day.
-
* After the mtrust flag day, consider making something similar to -p
be enabled by default.
* After the mtrust flag day, consider making something similar to -p
be enabled by default.
+mr (1.00) UNRELEASED; urgency=low
+
+ * Trust flag day. All mrconfig files except the main ~/.mrconfig are
+ now untrusted by default, until listed in ~/.mrtrust.
+
+ -- Joey Hess <joeyh@debian.org> Wed, 19 Jan 2011 13:39:43 -0400
+
mr (0.51) unstable; urgency=low
* Fix display when absolute directories are configured in mrconfig.
mr (0.51) unstable; urgency=low
* Fix display when absolute directories are configured in mrconfig.
Format: http://dep.debian.net/deps/dep5/
Format: http://dep.debian.net/deps/dep5/
-Copyright: (c) 2007-2010 Joey Hess <joeyh@debian.org>
+Copyright: (c) 2007-2011 Joey Hess <joeyh@debian.org>
License: GPL-2+
On Debian systems, the complete text of the GPL can be found in
/usr/share/common-licenses/GPL.
License: GPL-2+
On Debian systems, the complete text of the GPL can be found in
/usr/share/common-licenses/GPL.
override these rcs specific actions. To add a new revision control system,
you can just add rcs specific actions for it.
override these rcs specific actions. To add a new revision control system,
you can just add rcs specific actions for it.
-The ~/.mrlog file contains commands that mr has remembered to run later,
-due to being offline. You can delete or edit this file to remove commands,
-or even to add other commands for 'mr online' to run. If the file is
-present, mr assumes it is in offline mode.
-
=head1 UNTRUSTED MRCONFIG FILES
Since mrconfig files can contain arbitrary shell commands, they can do
anything. This flexibility is good, but it also allows a malicious mrconfig
file to delete your whole home directory. Such a file might be contained
=head1 UNTRUSTED MRCONFIG FILES
Since mrconfig files can contain arbitrary shell commands, they can do
anything. This flexibility is good, but it also allows a malicious mrconfig
file to delete your whole home directory. Such a file might be contained
-inside a repository that your main ~/.mrconfig checks out and chains to. To
-avoid worries about evil commands in a mrconfig file, mr
-has the ability to read mrconfig files in untrusted mode. Such files are
-limited to running only known safe commands (like "git clone") in a
-carefully checked manner.
+inside a repository that your main ~/.mrconfig checks out. To
+avoid worries about evil commands in a mrconfig file, mr defaults to
+reading all mrconfig files other than the main ~/.mrconfig in untrusted
+mode. In untrusted mode, mrconfig files are limited to running only known
+safe commands (like "git clone") in a carefully checked manner.
+
+To configure mr to trust other mrconfig files, list them in ~/.mrtrust.
+One mrconfig file should be listed per line. Either the full pathname
+should be listed, or the pathname can start with "~/" to specify a file
+relative to your home directory.
-By default, mr trusts all mrconfig files. (This default will change in a
-future release!) But if you have a ~/.mrtrust file, mr will only trust
-mrconfig files that are listed within it. (One file per line.) All other
-files will be treated as untrusted.
+=head1 OFFLINE LOG FILE
+
+The ~/.mrlog file contains commands that mr has remembered to run later,
+due to being offline. You can delete or edit this file to remove commands,
+or even to add other commands for 'mr online' to run. If the file is
+present, mr assumes it is in offline mode.
-Copyright 2007-2010 Joey Hess <joey@kitenet.net>
+Copyright 2007-2011 Joey Hess <joey@kitenet.net>
Licensed under the GNU GPL version 2 or higher.
Licensed under the GNU GPL version 2 or higher.
my $trustfile=$ENV{HOME}."/.mrtrust";
my $trustfile=$ENV{HOME}."/.mrtrust";
- if (! -e $trustfile) {
- print "mr: Assuming $config is trusted.\n";
- print "mr: For better security, you are encouraged to create ~/.mrtrust\n";
- print "mr: and list all trusted mrconfig files in it.\n";
- return 1;
- }
-
if (! %trusted) {
$trusted{"$ENV{HOME}/.mrconfig"}=1;
if (! %trusted) {
$trusted{"$ENV{HOME}/.mrconfig"}=1;
- open (TRUST, "<", $trustfile) || die "$trustfile: $!";
- while (<TRUST>) {
- chomp;
- s/^~\//$ENV{HOME}\//;
- $trusted{abs_path($_)}=1;
+ if (open (TRUST, "<", $trustfile)) {
+ while (<TRUST>) {
+ chomp;
+ s/^~\//$ENV{HOME}\//;
+ $trusted{abs_path($_)}=1;
+ }
+ close TRUST;
}
return $trusted{$config};
}
return $trusted{$config};
+sub trusterror {
+ die shift()."\n".
+ "(To trust this file, list it in ~/.mrtrust.)\n";
+}
+
my %loaded;
sub loadconfig {
my $f=shift;
my %loaded;
sub loadconfig {
my $f=shift;
if (! is_trusted_repo($section) ||
$section eq 'ALIAS' ||
$section eq 'DEFAULT') {
if (! is_trusted_repo($section) ||
$section eq 'ALIAS' ||
$section eq 'DEFAULT') {
- die "mr: illegal section \"[$section]\" in untrusted $f line $line\n";
+ trusterror "mr: illegal section \"[$section]\" in untrusted $f line $line";
}
}
$section=expandenv($section) if $trusted;
}
}
$section=expandenv($section) if $trusted;
# Untrusted files can only contain checkout
# parameters.
if ($parameter ne 'checkout') {
# Untrusted files can only contain checkout
# parameters.
if ($parameter ne 'checkout') {
- die "mr: illegal setting \"$parameter=$value\" in untrusted $f line $line\n";
+ trusterror "mr: illegal setting \"$parameter=$value\" in untrusted $f line $line";
}
if (! is_trusted_checkout($value)) {
}
if (! is_trusted_checkout($value)) {
- die "mr: illegal checkout command \"$value\" in untrusted $f line $line\n";
+ trusterror "mr: illegal checkout command \"$value\" in untrusted $f line $line";