Patchwork sslutil: add assertion to prevent accidental CA usage on Windows

Submitter Gregory Szorc
Date July 14, 2016, 2:34 a.m.
Message ID <a5326612c5c560144efa.1468463649@ubuntu-vm-main>
Permalink /patch/15834/
State Accepted

Comments

Gregory Szorc - July 14, 2016, 2:34 a.m.
# HG changeset patch
# User Gregory Szorc <gregory.szorc@gmail.com>
# Date 1468463632 25200
#      Wed Jul 13 19:33:52 2016 -0700
# Node ID a5326612c5c560144efa7dfbc01f10eaf60a9fa1
# Parent  83147ff53112c436270f24fe5b3599024a0edaaa
sslutil: add assertion to prevent accidental CA usage on Windows

Yuya suggested we add this check to ensure we don't accidentally try
to load user-writable paths on Windows if we change the control
flow of this function later.
Yuya Nishihara - July 14, 2016, 2:34 p.m.
On Wed, 13 Jul 2016 19:34:09 -0700, Gregory Szorc wrote:
> # HG changeset patch
> # User Gregory Szorc <gregory.szorc@gmail.com>
> # Date 1468463632 25200
> #      Wed Jul 13 19:33:52 2016 -0700
> # Node ID a5326612c5c560144efa7dfbc01f10eaf60a9fa1
> # Parent  83147ff53112c436270f24fe5b3599024a0edaaa
> sslutil: add assertion to prevent accidental CA usage on Windows

Queued, thanks.

Patch

diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -494,16 +494,21 @@  def _defaultcacerts(ui):
         # files. Also consider exporting the keychain certs to a file during
         # Mercurial install.
         if not _canloaddefaultcerts:
             ui.warn(_('(unable to load CA certificates; see '
                       'https://mercurial-scm.org/wiki/SecureConnections for '
                       'how to configure Mercurial to avoid this message)\n'))
         return None
 
+    # / is writable on Windows. Out of an abundance of caution make sure
+    # we're not on Windows because paths from _systemcacerts could be installed
+    # by non-admin users.
+    assert os.name != 'nt'
+
     # Try to find CA certificates in well-known locations. We print a warning
     # when using a found file because we don't want too much silent magic
     # for security settings. The expectation is that proper Mercurial
     # installs will have the CA certs path defined at install time and the
     # installer/packager will make an appropriate decision on the user's
     # behalf. We only get here and perform this setting as a feature of
     # last resort.
     if not _canloaddefaultcerts:
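Review bot: the `assert os.name != 'nt'` guard placed before the well-known-location search is compiled out when the interpreter runs with -O (or PYTHONOPTIMIZE), so an optimized Windows build would fall straight through to the _systemcacerts lookup that the new comment says must not happen there. The commit message frames this as a guard against future control-flow changes, which an assert covers in development and test runs, but if it is also meant to hold in shipped builds it should be an explicit `if os.name == 'nt': raise ...` with a message stating why, so the failure cannot be silently stripped. Separately, "/ is writable on Windows" in the comment is terse to the point of being misleading for readers unfamiliar with the issue: the point is that a path rooted at / resolves against the current drive's root on Windows, and that location is writable by non-admin users, which is what makes any file found at such a path untrustworthy as a CA bundle; spelling that out in the comment would make the reason for the guard self-explanatory.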