bzrlib/smart/server.py has a serve_bzr method which is used by "bzr serve". That method has these lines:
chroot_server = ChrootServer(transport)
chroot_server.setUp()
t = get_transport(chroot_server.get_url())
But it then fails to use either chroot_server or t. Instead it runs the server with 'transport', which is generally a file:/// URL.
This would be the cause of at least one bug I've already seen reported, and may also have security implications.
It certainly breaks some trivial uses of bzr serve. A server set up like this:
$ mkdir /tmp/test-area
$ cd /tmp/test-area
$ bzr serve --allow-writes
Will not behave correctly:
$ bzr --no-plugins init bzr://localhost/some-branch
bzr: ERROR: Server sent an unexpected error: ('error', "An attempt to access a url outside the server jail was made: 'file:///tmp/'.")
HPSS calls: 7 (2 vfs) <bzrlib.smart.medium.SmartTCPClientMedium object at 0x959fbec>
bzrlib/ smart/server. py has a serve_bzr method which is used by "bzr serve". That method has these lines:
chroot_server = ChrootServer( transport) server. setUp() chroot_ server. get_url( ))
chroot_
t = get_transport(
But it then fails to use either chroot_server or t. Instead it runs the server with 'transport', which is generally a file:/// URL.
This would be the cause of at least one bug I've already seen reported, and may also have security implications.
It certainly breaks some trivial uses of bzr serve. A server set up like this:
$ mkdir /tmp/test-area
$ cd /tmp/test-area
$ bzr serve --allow-writes
Will not behave correctly:
$ bzr --no-plugins init bzr://localhost /some-branch smart.medium. SmartTCPClientM edium object at 0x959fbec>
bzr: ERROR: Server sent an unexpected error: ('error', "An attempt to access a url outside the server jail was made: 'file:///tmp/'.")
HPSS calls: 7 (2 vfs) <bzrlib.
This should be fixed for 1.17.