diff --git a/mercurial/ui.py b/mercurial/ui.py --- a/mercurial/ui.py +++ b/mercurial/ui.py @@ -19,6 +19,8 @@ class ui(object): # this is the parent of all ui children self.parentui = None self.readhooks = list(readhooks) + self.trusted_users = {} + self.trusted_groups = {} self.cdata = ConfigParser.SafeConfigParser() self.readconfig(util.rcpath()) @@ -37,6 +39,8 @@ class ui(object): # parentui may point to an ui object which is already a child self.parentui = parentui.parentui or parentui self.readhooks = list(parentui.readhooks or readhooks) + self.trusted_users = parentui.trusted_users.copy() + self.trusted_groups = parentui.trusted_groups.copy() parent_cdata = self.parentui.cdata self.cdata = ConfigParser.SafeConfigParser(parent_cdata.defaults()) # make interpolation work @@ -72,7 +76,22 @@ class ui(object): fn = [fn] for f in fn: try: - self.cdata.read(f) + fp = open(f) + except IOError: + continue + if ((self.trusted_users or self.trusted_groups) and + '*' not in self.trusted_users and + '*' not in self.trusted_groups): + st = util.fstat(fp) + user = util.username(st.st_uid) + group = util.groupname(st.st_gid) + if (user not in self.trusted_users and + group not in self.trusted_groups): + self.warn(_('not reading file %s from untrusted ' + 'user %s, group %s\n') % (f, user, group)) + continue + try: + self.cdata.readfp(fp, f) except ConfigParser.ParsingError, inst: raise util.Abort(_("Failed to parse %s\n%s") % (f, inst)) # translate paths relative to root (or home) into absolute paths @@ -81,6 +100,13 @@ class ui(object): for name, path in self.configitems("paths"): if path and "://" not in path and not os.path.isabs(path): self.cdata.set("paths", name, os.path.join(root, path)) + user = util.username() + if user is not None: + self.trusted_users[user] = 1 + for user in self.configlist('trusted', 'users'): + self.trusted_users[user] = 1 + for group in self.configlist('trusted', 'groups'): + self.trusted_groups[group] = 1 for hook in self.readhooks: hook(self)