diff options
Diffstat (limited to 'libbe/ui/util/cmdutil.py')
| -rw-r--r-- | libbe/ui/util/cmdutil.py | 14 |
1 files changed, 0 insertions, 14 deletions
diff --git a/libbe/ui/util/cmdutil.py b/libbe/ui/util/cmdutil.py index 86ff9fc..f2eb5b9 100644 --- a/libbe/ui/util/cmdutil.py +++ b/libbe/ui/util/cmdutil.py @@ -59,20 +59,6 @@ def execute(cmd, args, def restrict_file_access(bugdir, path): - """ - Check that the file at path is inside bugdir.root. This is - important if you allow other users to execute becommands with your - username (e.g. if you're running be-handle-mail through your - ~/.procmailrc). If this check wasn't made, a user could e.g. - run - be commit -b ~/.ssh/id_rsa "Hack to expose ssh key" - which would expose your ssh key to anyone who could read the VCS - log. - """ - in_root = bugdir.vcs.path_in_root(path, bugdir.root) - if in_root == False: - raise UserError('file access restricted!\n %s not in %s' - % (path, bugdir.root)) def parse_id(id): """ |