[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Update 2022-02-01

From: Andrew Engelbrecht
Subject: Re: Update 2022-02-01
Date: Wed, 2 Feb 2022 17:01:23 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0

On 2/1/22 18:56, Bob Proulx wrote:

     $ hg clone ssh://
     remote: abort: potentially unsafe serve --stdio invocation: ['--cwd', 
'/srv/hg', '-R', 'test-project', 'serve', '--stdio']
     abort: no suitable response from remote hg!

This works over hg:// and http:// and https:// so this is really
strange that it is failing when used over ssh:// instead.

I'm not sure what the solution is, but here's a description of the error message from the hg source code:

            if realcmd == b'serve' and b'--stdio' in cmdargs:
                # We want to constrain 'hg serve --stdio' instances pretty
                # closely, as many shared-ssh access tools want to grant
                # access to run *only* 'hg -R $repo serve --stdio'. We
                # restrict to exactly that set of arguments, and prohibit
                # any repo name that starts with '--' to prevent
                # shenanigans wherein a user does something like pass
                # --debugger or --config=ui.debugger=1 as a repo
                # name. This used to actually run the debugger.
                if (
                    len(req.args) != 4
                    or req.args[0] != b'-R'
                    or req.args[1].startswith(b'--')
                    or req.args[2] != b'serve'
                    or req.args[3] != b'--stdio'
                    raise error.Abort(
_(b'potentially unsafe serve --stdio invocation: %s')
                        % (stringutil.pprint(req.args),)

US government employee? Use CFC charity code 63210 to support us through the Combined Federal Campaign.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]