https://bz.mercurial-scm.org/show_bug.cgi?id=6467
Bug ID: 6467
Summary: purge removes files following directory junctions, including destinations outside the repository (security risk)
Product: Mercurial
Version: 5.6.1
Hardware: PC
OS: Windows
Status: UNCONFIRMED
Severity: bug
Priority: wish
Component: purge
Assignee: bugzi...@mercurial-scm.org
Reporter: danielebenegi...@fastwebnet.it
CC: mercurial-devel@mercurial-scm.org
Python Version: ---

Created attachment 2097
--> https://bz.mercurial-scm.org/attachment.cgi?id=2097&action=edit
Windows BAT file that reproduces the reported problems. Please run it from an empty directory.

Hi,
if a working directory contains Directory Junctions (under Windows of course), "hg purge" will delete the content *pointed to by* the link (instead of the directory junction only).

This causes two big issues:

- it's a dangerous security problem, because if the link points outside the repository (e.g. to system directories or to the user's home directory), the purge command wipes out unexpected files. Note that - for example - package managers like NPM (NodeJS) could run install scripts out of the control of the user, and also an innocent link could make "hg purge" delete content on the user's PC.
- it can delete tracked files in the repository, resulting in missing files and (if a tracked file was modified) lost changes.

Adding the known Directory Junctions to the ".hgignore" file doesn't solve the problem (and of course can't be done for unknown junctions created by package managers).

In the attachment you can find a simple BAT file that creates both of the above scenarios, calling "hg purge --print" to show the problem. If you remove the "--print" option you can see the effects. Please run the script in an empty directory (it expects "hg" to be in the PATH).

The same setup using Unix "symlinks" under macOS works as expected instead: the symlink is removed but no content pointed to by the symlink is processed by "hg purge".
I think the same behavior is expected using the Directory Junctions under Windows.

We often work with special build tools, and so we are forced - under Windows - to rely on Directory Junctions in the working copy to accommodate files and directories as expected by such build tools. This is more often needed when working with sub-repositories.

I hope you can fix this, considering the implications.

--
You are receiving this mail because: You are on the CC list for the bug.
_______________________________________________
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
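As an added example (not Mercurial's own code and not the reporter's BAT file), the following Python script shows the behaviour the report asks for: a purge-style walk that treats every symlink or Windows directory junction as a leaf, so the link entry itself is removed and its target is never entered or deleted. The directory layout it builds is constructed for the demo; `is_link`, `plan_purge`, `remove_entry`, `demo` and the `tracked` set (standing in for Mercurial's dirstate) are hypothetical names. `os.path.isjunction` is only assumed to exist on Python 3.12+, so a reparse-point check via `os.lstat` is used as the fallback on older Windows interpreters.

```python
"""Safe purge walk: never follow symlinks or directory junctions.

Added example, not Mercurial's code. Links are listed as victims once and
never descended into, so a junction pointing outside the working copy (or at
a tracked directory) cannot cause anything beyond the link itself to be
removed.
"""
import os
import shutil
import stat
import tempfile


def is_link(path):
    """True for symlinks and, on Windows, directory junctions / reparse points."""
    if os.path.islink(path):
        return True
    isjunction = getattr(os.path, "isjunction", None)  # Python 3.12+ only
    if isjunction is not None and isjunction(path):
        return True
    try:
        st = os.lstat(path)
    except OSError:
        return False
    # st_file_attributes is only present on Windows; 0 elsewhere.
    attrs = getattr(st, "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0))


def plan_purge(root, tracked):
    """Return relative paths (forward-slash form) that a safe purge would remove.

    `tracked` is a set of relative paths under version control (stand-in for
    hg's dirstate). The ".hg" directory is skipped; links are leaves.
    """
    victims = []

    def walk(dirpath):
        for entry in sorted(os.scandir(dirpath), key=lambda e: e.name):
            rel = os.path.relpath(entry.path, root).replace(os.sep, "/")
            if entry.name == ".hg":
                continue
            if is_link(entry.path):
                victims.append(rel)  # remove the link, never its target
                continue
            if entry.is_dir(follow_symlinks=False):
                walk(entry.path)
            elif rel not in tracked:
                victims.append(rel)

    walk(root)
    return victims


def remove_entry(path):
    """Delete one purge victim without following links."""
    if is_link(path):
        # A Windows junction or directory symlink is removed with rmdir, which
        # drops the reparse point only; POSIX symlinks are removed with unlink.
        if os.name == "nt" and os.path.isdir(path):
            os.rmdir(path)
        else:
            os.unlink(path)
    else:
        os.remove(path)


def demo():
    """Build a constructed layout, purge it safely, and report what survived.

    Returns (plan, outside_file_survived, tracked_file_survived).
    """
    base = tempfile.mkdtemp()
    try:
        outside = os.path.join(base, "outside")
        os.makedirs(outside)
        secret = os.path.join(outside, "secret.txt")
        with open(secret, "w") as f:
            f.write("must survive\n")
        repo = os.path.join(base, "repo")
        os.makedirs(os.path.join(repo, ".hg"))
        os.makedirs(os.path.join(repo, "src"))
        os.makedirs(os.path.join(repo, "build"))
        tracked_file = os.path.join(repo, "src", "app.py")
        with open(tracked_file, "w") as f:
            f.write("print('hi')\n")
        with open(os.path.join(repo, "build", "out.o"), "w") as f:
            f.write("junk\n")
        # Stand-in for a directory junction: a symlink whose target is outside
        # the repository (on Windows a real junction behaves the same here).
        os.symlink(outside, os.path.join(repo, "link_out"), target_is_directory=True)

        plan = plan_purge(repo, tracked={"src/app.py"})
        for rel in plan:
            remove_entry(os.path.join(repo, *rel.split("/")))
        return plan, os.path.exists(secret), os.path.exists(tracked_file)
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(demo())
```

Running the script removes only `build/out.o` and the `link_out` entry; `outside/secret.txt` and the tracked `src/app.py` are left in place, which is the behaviour the report observes for symlinks on macOS and expects for junctions on Windows.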