commit emails from a central server with bzr 2.6
Glenn Morris
rgm at gnu.org
Thu Jun 6 05:48:52 UTC 2013
I got it working. There was a hard-coded --no-plugins being passed to
bzr in the script that acts as the login shell for Savannah users.
You may remember being prescient about this:
http://lists.gnu.org/archive/html/savannah-hackers-public/2010-03/msg00050.html
:)
Could you reassure me that removing --no-plugins is fine from a security
point of view? I don't really understand why Sylvain Beucler was so keen
on it back in 2010 [1]. I understand that users should not be able to
install arbitrary plugins. AFAIK, there is no way a Savannah user can do
this. They have no access to their home directories. In any case, the
login shell runs bzr with $ENV{'HOME'} = '/var/lib/bzr', and users
certainly do not have write access to that.
To be doubly sure, I'll add
$ENV{'BZR_PLUGIN_PATH'} = '-user:+core:-site'
to the environment that the login shell sets up.
[1] Probably relevant: in March 2010, sftp access was still available,
but it was disabled later that year:
http://lists.gnu.org/archive/html/savannah-hackers-public/2010-10/msg00015.html
More information about the bazaar
mailing list