Files @ fa3365c94064
Branch filter:

Location: kallithea/init.d/kallithea-upstart.conf

fa3365c94064 740 B text/plain Show Annotation Show as Raw Download as Raw
Mads Kiilerich
repos: introduce low level check of clone URIs to prevent direct file system access to local repos

This is already checked in web form validation, but also check at low level to
make sure API access enforce the same invariants.

This issue was found and reported by
Kacper Szurek
https://security.szurek.pl/
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# kallithea - run the kallithea daemon as an upstart job
# Change variables/paths as necessary and place file /etc/init/kallithea.conf
# start/stop/restart as normal upstart job (ie: $ start kallithea)

description	"Kallithea Mercurial Server"
author		"Matt Zuba <matt.zuba@goodwillaz.org"

start on (local-filesystems and runlevel [2345])
stop on runlevel [!2345]

respawn

umask 0022

env PIDFILE=/var/hg/kallithea/kallithea.pid
env LOGFILE=/var/hg/kallithea/log/kallithea.log
env APPINI=/var/hg/kallithea/production.ini
env HOME=/var/hg
env USER=hg
env GROUP=hg

exec /var/hg/.virtualenvs/kallithea/bin/paster serve --user=$USER --group=$GROUP --pid-file=$PIDFILE --log-file=$LOGFILE $APPINI

post-stop script
	rm -f $PIDFILE
end script
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.