Mercurial > hg > mercurial-crew-with-dirclash

diff mercurial/ui.py @ 3010:494521a3f142

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Only read .hg/hgrc files from trusted users/groups The list of trusted users and groups is specified in the [trusted] section of a hgrc; the current user is always trusted; "*" can be used to trust all users/groups. Global hgrc files are always read. On Windows (and other systems that don't have the pwd and grp modules), all .hg/hgrc files are read.
author Alexis S. L. Carvalho <alexis@cecm.usp.br>
date Tue, 22 Aug 2006 20:45:03 -0300
parents 731f6b3d27c2
children 01454af644b8 c27d1e1798a3
line wrap: on
line diff
--- a/mercurial/ui.py
+++ b/mercurial/ui.py
@@ -19,6 +19,8 @@ class ui(object):
             # this is the parent of all ui children
             self.parentui = None
             self.readhooks = list(readhooks)
+            self.trusted_users = {}
+            self.trusted_groups = {}
             self.cdata = ConfigParser.SafeConfigParser()
             self.readconfig(util.rcpath())
 
@@ -37,6 +39,8 @@ class ui(object):
             # parentui may point to an ui object which is already a child
             self.parentui = parentui.parentui or parentui
             self.readhooks = list(parentui.readhooks or readhooks)
+            self.trusted_users = parentui.trusted_users.copy()
+            self.trusted_groups = parentui.trusted_groups.copy()
             parent_cdata = self.parentui.cdata
             self.cdata = ConfigParser.SafeConfigParser(parent_cdata.defaults())
             # make interpolation work
@@ -72,7 +76,22 @@ class ui(object):
             fn = [fn]
         for f in fn:
             try:
-                self.cdata.read(f)
+                fp = open(f)
+            except IOError:
+                continue
+            if ((self.trusted_users or self.trusted_groups) and
+                '*' not in self.trusted_users and
+                '*' not in self.trusted_groups):
+                st = util.fstat(fp)
+                user = util.username(st.st_uid)
+                group = util.groupname(st.st_gid)
+                if (user not in self.trusted_users and
+                    group not in self.trusted_groups):
+                    self.warn(_('not reading file %s from untrusted '
+                                'user %s, group %s\n') % (f, user, group))
+                    continue
+            try:
+                self.cdata.readfp(fp, f)
             except ConfigParser.ParsingError, inst:
                 raise util.Abort(_("Failed to parse %s\n%s") % (f, inst))
         # translate paths relative to root (or home) into absolute paths
@@ -81,6 +100,13 @@ class ui(object):
         for name, path in self.configitems("paths"):
             if path and "://" not in path and not os.path.isabs(path):
                 self.cdata.set("paths", name, os.path.join(root, path))
+        user = util.username()
+        if user is not None:
+            self.trusted_users[user] = 1
+            for user in self.configlist('trusted', 'users'):
+                self.trusted_users[user] = 1
+            for group in self.configlist('trusted', 'groups'):
+                self.trusted_groups[group] = 1
         for hook in self.readhooks:
             hook(self)