[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Update 2022-02-01
|
From: |
Andrew Engelbrecht |
|
Subject: |
Re: Update 2022-02-01 |
|
Date: |
Wed, 2 Feb 2022 17:01:23 -0500 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 |
On 2/1/22 18:56, Bob Proulx wrote:
$ hg clone ssh://rwp@hg.savannah.gnu.org/test-project
remote: abort: potentially unsafe serve --stdio invocation: ['--cwd',
'/srv/hg', '-R', 'test-project', 'serve', '--stdio']
abort: no suitable response from remote hg!
This works over hg:// and http:// and https:// so this is really
strange that it is failing when used over ssh:// instead.
I'm not sure what the solution is, but here's a description of the error
message from the hg source code:
if realcmd == b'serve' and b'--stdio' in cmdargs:
# We want to constrain 'hg serve --stdio' instances pretty
# closely, as many shared-ssh access tools want to grant
# access to run *only* 'hg -R $repo serve --stdio'. We
# restrict to exactly that set of arguments, and prohibit
# any repo name that starts with '--' to prevent
# shenanigans wherein a user does something like pass
# --debugger or --config=ui.debugger=1 as a repo
# name. This used to actually run the debugger.
if (
len(req.args) != 4
or req.args[0] != b'-R'
or req.args[1].startswith(b'--')
or req.args[2] != b'serve'
or req.args[3] != b'--stdio'
):
raise error.Abort(
_(b'potentially unsafe serve --stdio
invocation: %s')
% (stringutil.pprint(req.args),)
)
--
US government employee? Use CFC charity code 63210 to support us through
the Combined Federal Campaign. https://cfcgiving.opm.gov/
- Update 2022-02-01, Bob Proulx, 2022/02/01
- Re: Update 2022-02-01,
Andrew Engelbrecht <=