You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Greg Hudson <gh...@MIT.EDU> on 2005/10/13 01:38:13 UTC
Re: Client side hook scripts [Was: Proposal for $Revision$ keyword
amendment, "global" revnums, etc...]
On Tue, 2005-10-11 at 22:30 +0200, Miha Vitorovic wrote:
> I must say that, after following this discussion in its many
> incarnations, I have been finally shown the light. :-) I think that it
> would be much more useful for people to start pushing for/requesting
> client side hook scripts.
Client-side hook scripts have bad security implications; they allow the
server to tell the client to do anything at all, when the user was
really only interested in letting the server feed it updates.
We could provide a sandboxed language interpreter with a defined set of
user-visible primitives to overcome that problem, but that's way too
much complexity for the benefit.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Client side hook scripts [Was: Proposal for $Revision$ keyword amendment, "global" revnums, etc...]
Posted by Marc Haisenko <ha...@webport.de>.
On Thursday 13 October 2005 03:38, Greg Hudson wrote:
> Client-side hook scripts have bad security implications; they allow the
> server to tell the client to do anything at all, when the user was
> really only interested in letting the server feed it updates.
>
> We could provide a sandboxed language interpreter with a defined set of
> user-visible primitives to overcome that problem, but that's way too
> much complexity for the benefit.
Even this won't save you, as you'd need to be able to call external tools,
i.e. indent or other code formaters. And if you can do that, I can find a way
to call "rm -rf ~" that you can't catch.
--
Marc Haisenko
Systemspezialist
Webport IT-Services GmbH
mailto: haisenko@webport.de
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Client side hook scripts
Posted by John Peacock <jp...@rowman.com>.
Miha Vitorovic wrote:
> What I meant was, that the task of setting up the "client side scripts" is
> in this case up to the user. It can't be done automatically when
> connecting to the repository.
That's correct. Subversion doesn't currently include _any_ server-resident
config support (though it is something that many people want, a few people have
ideas for, and no one has followed through on).
But this also brings up the point that any given user might be connecting to
many different repositories, each with their own rules. There is additional
difficulty managing wrappers or client-side scripts where one remote repository
might require a specific local trigger and another might not.
John
--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4720 Boston Way
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5747
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Client side hook scripts
Posted by Miha Vitorovic <mv...@nil.si>.
John Peacock <jp...@rowman.com> wrote on 13.10.2005 13:13:48:
> Miha Vitorovic wrote:
> >> But that's easier to do using scripts that wrap calls to svn
themselves,
> >> in my opinion.
> >
> > Well, yes. But then you run into a problem of "script" distribution.
>
> Not at all, if you keep the scripts in the repository itself. But this,
of
> course, requires trusting the repository admin. The point is that
Subversion
> may not ever be in the position of being able to provide a trusted
scripting
> solution, but that any site is more than able to provide what they
consider to
> be appropriate client-side wrappers which have exactly the same effect.
What I meant was, that the task of setting up the "client side scripts" is
in this case up to the user. It can't be done automatically when
connecting to the repository.
Cheers,
---
Miha Vitorovic
Inženir v tehničnem področju
Customer Support Engineer
NIL Data Communications, Tivolska cesta 48, 1000 Ljubljana, Slovenia
Phone +386 1 4746 500 Fax +386 1 4746 501 http://www.NIL.si
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Client side hook scripts
Posted by John Peacock <jp...@rowman.com>.
Miha Vitorovic wrote:
>> But that's easier to do using scripts that wrap calls to svn themselves,
>> in my opinion.
>
> Well, yes. But then you run into a problem of "script" distribution.
Not at all, if you keep the scripts in the repository itself. But this, of
course, requires trusting the repository admin. The point is that Subversion
may not ever be in the position of being able to provide a trusted scripting
solution, but that any site is more than able to provide what they consider to
be appropriate client-side wrappers which have exactly the same effect.
John
--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4720 Boston Way
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5747
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Client side hook scripts
Posted by Miha Vitorovic <mv...@nil.si>.
Malcolm Rowe <ma...@farside.org.uk> wrote on 13.10.2005
12:16:17:
> On Wed, Oct 12, 2005 at 09:38:13PM -0400, Greg Hudson wrote:
> > Client-side hook scripts have bad security implications; they allow
the
> > server to tell the client to do anything at all, when the user was
> > really only interested in letting the server feed it updates.
>
> We could provide client-defined client-side hook scripts, allowing the
> client to run a given command after an update in a particular working
> copy, for example. No security risks then.
>
> But that's easier to do using scripts that wrap calls to svn themselves,
> in my opinion.
Well, yes. But then you run into a problem of "script" distribution.
And I do know that client side scripting is not as easy as it sounds (and
it doesn't sound easy at all :) )
Maybe "the best" solution would be to notify the client of each
client-side script change, with the option of accepting the script or not,
and enabling/disabling the scripts no matter what the server says. That
would of course be "a very advanced feature", because you would either
have to be able to understand the script you are receiving (wouldn't work
for secretaries), or trust your repository admin/owner completely (which
would work for anybody).
And you would also gain this neat measure of how successfully Subversion
is. As soon as you'd get the first Subversion worm, you'd know you have
finally made it >:-)
Cheers,
---
Miha Vitorovic
Inženir v tehničnem področju
Customer Support Engineer
NIL Data Communications, Tivolska cesta 48, 1000 Ljubljana, Slovenia
Phone +386 1 4746 500 Fax +386 1 4746 501 http://www.NIL.si
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Client side hook scripts [Was: Proposal for $Revision$ keyword amendment, "global" revnums, etc...]
Posted by Malcolm Rowe <ma...@farside.org.uk>.
On Wed, Oct 12, 2005 at 09:38:13PM -0400, Greg Hudson wrote:
> Client-side hook scripts have bad security implications; they allow the
> server to tell the client to do anything at all, when the user was
> really only interested in letting the server feed it updates.
We could provide client-defined client-side hook scripts, allowing the
client to run a given command after an update in a particular working
copy, for example. No security risks then.
But that's easier to do using scripts that wrap calls to svn themselves,
in my opinion.
Regards,
Malcolm
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org