# HG changeset patch # User Robert McIntyre # Date 1357791917 0 # Node ID c75924bd38e3712396642a415e4aa796fe8890d6 # Parent 4fbe69d24a9ccbe7a697d37aa5960a143b3d3d60 fix security hole relating to path for package user. diff -r 4fbe69d24a9c -r c75924bd38e3 src/hg-wrapper.c --- a/src/hg-wrapper.c Wed Jan 09 12:32:58 2013 +0000 +++ b/src/hg-wrapper.c Thu Jan 10 04:25:17 2013 +0000 @@ -2,7 +2,8 @@ #include main( int argc, char ** argv){ - pipecmd* p = pipecmd_new("hg"); + pipecmd* p = + pipecmd_new("/pkg/hg-committer/hg"); int i; for(i = 1; i < argc; i++){ diff -r 4fbe69d24a9c -r c75924bd38e3 src/pkg.pl --- a/src/pkg.pl Wed Jan 09 12:32:58 2013 +0000 +++ b/src/pkg.pl Thu Jan 10 04:25:17 2013 +0000 @@ -79,7 +79,7 @@ @pkg_copy_hg_wrapper_cmd = (install, "-g", "hg-wheel", "-o", "hg-committer", - "-m", "6111", "/pkg/hg-committer/.hg-wrapper", $pkg_home); + "-m", "6111", "/pkg/hg-committer/hg-wrapper", "$pkg_home/.hg-wrapper"); sub execute{print "\t@_\n"; system(@_) and die $!;} diff -r 4fbe69d24a9c -r c75924bd38e3 src/system-init.pl --- a/src/system-init.pl Wed Jan 09 12:32:58 2013 +0000 +++ b/src/system-init.pl Thu Jan 10 04:25:17 2013 +0000 @@ -126,8 +126,10 @@ $pwd = getcwd; execute("gpasswd --add hg-committer hg-wheel"); -execute("ln -sfv $pwd/profile /pkg/hg-committer/.profile"); -execute("ln -sfv $pwd/hg-wrapper /pkg/hg-committer/.hg-wrapper"); +execute("ln -sf $pwd/profile /pkg/hg-committer/.profile"); +execute("ln -sf $pwd/hg-wrapper /pkg/hg-committer/"); +execute("ln -sf `which hg` /pkg/hg-committer/"); +