grim/hgkeeper
Clone
Summary
Browse
Changes
Graph
Normalize paths before passing them to the authorization checker
17 months ago, Gary Kramlich
e33f7739ab49
Normalize paths before passing them to the authorization checker
This bug allowed attackers to bypass deny rules by adding a trailing / to the
repository which depending on the policy could grant them access to said
repository.
PermitUserEnvironment HGK_*
Match User hg
AuthorizedKeysCommand /usr/local/bin/hgkeeper --repos-path=/repos authorized-keys %f
AuthorizedKeysCommandUser hg