( )⚙ D10905 stream: double check that self.vfs is *not* in the vfsmap

This is an archive of the discontinued Mercurial Phabricator instance.

stream: double check that self.vfs is *not* in the vfsmap
ClosedPublic

Authored by marmoute on Jun 24 2021, 3:14 AM.

Details

Summary

The stream clone logic allows for writing any content to any file under various
vfs. This is *not* suitable for *vfs*, since writing in .hg/ directly allow to
modify the configuration and is a great and simple gateway for remote code
execution.

Diff Detail

Repository
rHG Mercurial
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.