I've found a few minor things that make fossil less flexible than it could be.
1) SQLITE_DEFAULT_FILE_PERMISSIONS is set to 0644 where I would argue that it should be 0666, because it is masked by umask anyway. It was surprising to me when I set umask to 7 and then created a fossil that ended up with 640 permissions. Of course, one can simply chmod g+w, but it's a surprise. 2) enter_chroot_jail should only be called if running as root, because the semantics of setgid/setuid are tricky when running as a (non-root) setuid/setgid program (see http://unixpapa.com/incnote/setuid.html if you doubt me!). In my case I end up unable to read the repo, so cannot initialize it properly. This is also solvable, although not so easily. Sorry, I wrote this a while ago, and I've worked around the issues, but it would be nice if they were resolved. ../Dave On 28 September 2017 at 16:04, Richard Hipp <d...@sqlite.org> wrote: > On 9/28/17, David Mason <dma...@ryerson.ca> wrote: > > > > Last question for a while: in clone.c line 104 it says to use %40, %2f > and > > %3a for special characters in the userid and password (for obvious > > reasons). Are there any other restrictions on the repo name or other > parts > > of the URL? > > Note that I recall. But there might be some that I've forgotten about. > > As a security precaution in your system, I think you would do well to > restrict repo names to begin with an alphanumeric, end with ".fossil", > and contain no characters other than alphanumerics, '.', '_', and '-'. > Maybe also only allow a single '.', specifically the one that occurs > on the ".fossil" suffix. > -- > D. Richard Hipp > d...@sqlite.org > _______________________________________________ > fossil-users mailing list > fossil-users@lists.fossil-scm.org > http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users >
_______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
