Hooks and Security
Hooks Are Run with Your Privileges
When you run a Mercurial command in a repository, and the command causes a hook to run, that hook runs on your system, under your user account, with your privilege level. Since hooks are arbitrary pieces of executable code, you should treat them with an appropriate level of suspicion. Do not install a hook unless you are confident that you know who created it and what it does.
In some cases, you may be exposed to hooks that you did not install yourself. If you work with Mercurial on an unfamiliar system, Mercurial will run hooks defined in that system’s site-wide hgrc files (for example /etc/mercurial/hgrc on Unix-like systems) and in the ~/.hgrc of the account you are logged in as, whoever set those files up.
If you are working with a repository owned by another user, Mercurial can run hooks defined in that user’s repository, but it will still run them as “you.” For example, if you hg pull from that repository, and its .hg/hgrc defines a local outgoing hook, that hook will run under your user account, even though you don’t own that repository.
Note
This only applies if you are pulling from a repository on a local or network filesystem. If you’re pulling over http or ssh, any outgoing hook will run under whatever account is executing the server process on the server.
To see what hooks are defined in a repository, use the hg showconfig hooks command. If you are working in one repository but talking to another that you do not own (e.g., using hg pull or hg incoming), remember that it is the other repository’s hooks you should be checking, not your own: run the command inside that repository, or point it there with the global -R option (hg -R /path/to/other/repo showconfig hooks). Adding --debug shows which file and line each hook setting came from, which separates that repository’s .hg/hgrc from your own user and system configuration.
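As an added example (not code from the book or from the Mercurial project), the following script performs that check offline: it reads the other repository’s .hg/hgrc directly, lists every hook it defines, and flags the ones Mercurial fires on the sending side (preoutgoing and outgoing), which is the set that would run in your own process on a pull from a local or network path. It assumes the ini-style hgrc syntax described in hgrc(5); the sample hgrc text, paths and hook names embedded in it are constructed for the demonstration.

```python
"""Audit the hooks another repository's .hg/hgrc would make your hg process run.

Added example, not code from the book or from the Mercurial project.  It
assumes the repository-level hgrc is ini-style with a [hooks] section, as
described in hgrc(5); the sample text below is constructed for the demo.
"""
import configparser
import os
from typing import Dict, List, Tuple

# Hook events that Mercurial fires in the repository that *sends* changes.
# When you pull from a path on a local or network filesystem, that repository
# is opened inside your own hg process, so these hooks run under your account.
SOURCE_SIDE_EVENTS = ("preoutgoing", "outgoing")

# Constructed sample of a stranger's repository .hg/hgrc (not a real file).
SAMPLE_HGRC = """\
[paths]
default = /srv/hg/project

%include /home/someone/more-hooks.rc

[hooks]
outgoing.audit = python:/home/someone/audit.py:log_outgoing
preoutgoing = /home/someone/bin/check.sh
commit.notify = echo committed $HG_NODE
"""


def parse_hooks(hgrc_text: str) -> Tuple[Dict[str, str], List[str]]:
    """Return ([hooks] entries in file order, '%' directive lines).

    '%include' and '%unset' are Mercurial extensions to the ini syntax that
    configparser rejects, so they are lifted out and reported separately: an
    included file can define further hooks that this scan does not see.
    """
    directives, body = [], []
    for line in hgrc_text.splitlines():
        if line.lstrip().startswith("%"):
            directives.append(line.strip())
        else:
            body.append(line)
    parser = configparser.ConfigParser(
        delimiters=("=",),   # hgrc separates name and value with '=' only
        interpolation=None,  # hook commands legitimately contain '$HG_NODE' etc.
        strict=False,        # hgrc tolerates duplicate keys (last one wins)
        allow_no_value=True,
    )
    parser.optionxform = str  # keep hook names exactly as written
    parser.read_string("\n".join(body))
    hooks = dict(parser["hooks"]) if parser.has_section("hooks") else {}
    return hooks, directives


def classify_hooks(hooks: Dict[str, str]) -> List[Tuple[str, str, str, bool]]:
    """Return (hook name, event, kind, fires_on_local_pull) for each hook.

    A hook key is '<event>' or '<event>.<label>'; the event decides when it
    fires.  A 'python:' value is an in-process Python hook, anything else is
    handed to a shell.  Either way it runs with your privileges.
    """
    rows = []
    for name, command in hooks.items():
        event = name.split(".", 1)[0]
        command = command or ""
        kind = "in-process python" if command.startswith("python:") else "shell command"
        rows.append((name, event, kind, event in SOURCE_SIDE_EVENTS))
    return rows


def scan_repo(repo_path: str) -> Tuple[List[Tuple[str, str, str, bool]], List[str]]:
    """Classify the hooks in <repo_path>/.hg/hgrc; empty results if it is absent."""
    hgrc = os.path.join(repo_path, ".hg", "hgrc")
    if not os.path.isfile(hgrc):
        return [], []
    with open(hgrc, encoding="utf-8") as fh:
        hooks, directives = parse_hooks(fh.read())
    return classify_hooks(hooks), directives


def report(rows: List[Tuple[str, str, str, bool]], directives: List[str]) -> str:
    """Render one line per hook plus a warning for each '%' directive."""
    lines = []
    for name, event, kind, fires in rows:
        flag = "RUNS AS YOU ON LOCAL PULL" if fires else "not a sending-side event"
        lines.append(f"{name:24} {kind:18} {flag}")
    for directive in directives:
        lines.append(f"directive {directive!r}: the included file may define more hooks")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        rows, directives = scan_repo(sys.argv[1])  # e.g. the path you would hg pull from
    else:
        hooks, directives = parse_hooks(SAMPLE_HGRC)
        rows = classify_hooks(hooks)
    print(report(rows, directives))
```

Run it with the path of the repository you are about to pull from; with no argument it audits the constructed sample. The scan only covers that repository’s own .hg/hgrc, which is exactly the file the text warns about; anything pulled in through a %include line is reported so you know to read that file too.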
Hooks Do Not Propagate ...