0

My hosting provider had enabled Trusted Path Execution (Grsec), so all my subversion hooks (for example post-commit) stopped working. Any attempt to commit something ends with warning:

post-commit hook failed (exit code 255) with no output.

I checked, that scripts can be run manually using following syntax:

bash post-commit [PATH] [REV]

but not by:

./post-commit [PATH] [REV]

I think Subversion uses the last one, which cause the problem. So is it possible to change the way which subversion handle hooks?

Krzysztof Bzowski
  • 115
  • 4

1 Answers1

1

Hook execution method is hard-coded in Subversion and you have to patch the source and re-build it, if you want to change that. The relevant code may be found in subversion/libsvn_repos/repos.{c,h} in the source distribution.

By the way, hooks are currently executed by their full path (as in /path/to/your/repo/hooks/post-commit) and not with cd /path/to/your/repo && ./post-commit.

Vladimir Blaskov
  • 6,073
  • 1
  • 26
  • 22
  • Is there any alternative which doesn't include recompilation of Subversion? Maybe it can be changed in grsec without turning off TPE? – Krzysztof Bzowski Jun 18 '12 at 15:05
  • As far as I know Grsecurity's TPE allows execution only in root owned directories writable only by root and directories owned by the executing user which aren't group writable nor world writable, so some tweaking of the hooks directory ownership and permission should do the trick. – Vladimir Blaskov Jun 19 '12 at 07:55