# HG changeset patch # User Paul Crowley # Date 1255431803 -3600 # Node ID eace50ec642773dbc710166934d585cc45e5532d # Parent 69596fffcf7ddd2a586112e43ac21379ca8f8806 Fix a minor inaccuracy in the security docs diff -r 69596fffcf7d -r eace50ec6427 doc/security --- a/doc/security Tue Oct 13 10:41:24 2009 +0100 +++ b/doc/security Tue Oct 13 12:03:23 2009 +0100 
@@ -1,18 +1,19 @@ SECURITY OF MERCURIAL-SERVER -mercurial-server relies entirely on sshd to grant access to remote users. As a -result, it runs no daemons, installs no setuid programs, and no part of it -runs as root except the install process: all programs run as the user hg. And -any attack on mercurial-server can only be started if the Bad Guys already -have a public key in ~hg/.ssh/authorized_keys, otherwise sshd will bar the -way. No matter what command the user tries to run on the remote system via -ssh, mercurial-server is run. +mercurial-server relies entirely on sshd to grant access to remote users. +As a result, it runs no daemons, installs no setuid programs, and no part +of it runs as root except the install process: all programs run as the user +hg. And any attack on mercurial-server can only be started if the Bad Guys +already have a public key in ~hg/.ssh/authorized_keys, otherwise sshd will +bar the way. -It parses the command line the user asked for, and interprets and runs the -corresponding hg operation itself if access is allowed, so users can only read -and add to history within repositories; they cannot run any other hg command. -In addition, every push and pull is logged with a datestamp, changeset ID and -the key that performed the operation. +No matter what command the user tries to run on the remote system via ssh, +mercurial-server is run. It parses the command line the user asked for, and +interprets and runs the corresponding hg operation itself if access is +allowed, so users can only read and add to history within repositories; +they cannot run any other hg command. In addition, every push and pull is +logged with a datestamp, changeset ID and the key that performed the +operation. However, while the first paragraph holds no matter what bugs mercurial-server contains, the second depends on the relevant code being
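Review bot: The one substantive change in this hunk, moving the sentence "No matter what command the user tries to run on the remote system via ssh, mercurial-server is run." from the end of the first paragraph to the start of the second, is buried in a re-wrap of both paragraphs, so every line shows as changed. The trailing context says the first paragraph "holds no matter what bugs mercurial-server contains" while the second depends on the relevant code, so the move changes which of those two guarantees the sentence falls under. The commit message ("Fix a minor inaccuracy in the security docs") should say that this is the inaccuracy being fixed, and the re-wrap would be better in a separate changeset so the diff shows only the moved sentence.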