1787 +++ b/bar.txt |
1787 +++ b/bar.txt |
1788 @@ -0,0 +1,1 @@ |
1788 @@ -0,0 +1,1 @@ |
1789 +bar |
1789 +bar |
1790 |
1790 |
1791 $ cd .. |
1791 $ cd .. |
|
1792 |
|
1793 test for ssh exploit 2017-07-25 |
|
1794 |
|
1795 $ hg init malicious-proxycommand |
|
1796 $ cd malicious-proxycommand |
|
1797 $ echo 's = [hg]ssh://-oProxyCommand=touch${IFS}owned/path' > .hgsub |
|
1798 $ hg init s |
|
1799 $ cd s |
|
1800 $ echo init > init |
|
1801 $ hg add |
|
1802 adding init |
|
1803 $ hg commit -m init |
|
1804 $ cd .. |
|
1805 $ hg add .hgsub |
|
1806 $ hg ci -m 'add subrepo' |
|
1807 $ cd .. |
|
1808 $ hg clone malicious-proxycommand malicious-proxycommand-clone |
|
1809 updating to branch default |
|
1810 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' (in subrepository "s") |
|
1811 [255] |
|
1812 |
|
1813 also check that a percent encoded '-' (%2D) doesn't work |
|
1814 |
|
1815 $ cd malicious-proxycommand |
|
1816 $ echo 's = [hg]ssh://%2DoProxyCommand=touch${IFS}owned/path' > .hgsub |
|
1817 $ hg ci -m 'change url to percent encoded' |
|
1818 $ cd .. |
|
1819 $ rm -r malicious-proxycommand-clone |
|
1820 $ hg clone malicious-proxycommand malicious-proxycommand-clone |
|
1821 updating to branch default |
|
1822 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' (in subrepository "s") |
|
1823 [255] |
|
1824 |
|
1825 also check for a pipe |
|
1826 |
|
1827 $ cd malicious-proxycommand |
|
1828 $ echo 's = [hg]ssh://fakehost|shell/path' > .hgsub |
|
1829 $ hg ci -m 'change url to pipe' |
|
1830 $ cd .. |
|
1831 $ rm -r malicious-proxycommand-clone |
|
1832 $ hg clone malicious-proxycommand malicious-proxycommand-clone |
|
1833 updating to branch default |
|
1834 abort: potentially unsafe url: 'ssh://fakehost|shell/path' (in subrepository "s") |
|
1835 [255] |
|
1836 |
|
1837 also check that a percent encoded '|' (%7C) doesn't work |
|
1838 |
|
1839 $ cd malicious-proxycommand |
|
1840 $ echo 's = [hg]ssh://fakehost%7Cshell/path' > .hgsub |
|
1841 $ hg ci -m 'change url to percent encoded pipe' |
|
1842 $ cd .. |
|
1843 $ rm -r malicious-proxycommand-clone |
|
1844 $ hg clone malicious-proxycommand malicious-proxycommand-clone |
|
1845 updating to branch default |
|
1846 abort: potentially unsafe url: 'ssh://fakehost|shell/path' (in subrepository "s") |
|
1847 [255] |
|
1848 |
|
1849 and bad usernames: |
|
1850 $ cd malicious-proxycommand |
|
1851 $ echo 's = [hg]ssh://-oProxyCommand=touch owned@example.com/path' > .hgsub |
|
1852 $ hg ci -m 'owned username' |
|
1853 $ cd .. |
|
1854 $ rm -r malicious-proxycommand-clone |
|
1855 $ hg clone malicious-proxycommand malicious-proxycommand-clone |
|
1856 updating to branch default |
|
1857 abort: potentially unsafe url: 'ssh://-oProxyCommand=touch owned@example.com/path' (in subrepository "s") |
|
1858 [255] |