From: "Stephen R. van den Berg" <srb@cuci.nl>
To: Paolo Bonzini <bonzini@gnu.org>
Cc: Junio C Hamano <gitster@pobox.com>,
Avery Pennarun <apenwarr@gmail.com>,
Johannes Sixt <j.sixt@viscovery.net>,
Karl Chen <quarl@cs.berkeley.edu>,
Git mailing list <git@vger.kernel.org>
Subject: Re: [PATCH] be paranoid about closed stdin/stdout/stderr
Date: Thu, 28 Aug 2008 15:58:46 +0200 [thread overview]
Message-ID: <20080828135846.GA6874@cuci.nl> (raw)
In-Reply-To: <48B6A57A.6050109@gnu.org>
Paolo Bonzini wrote:
>> It is either run by ssh (via command="" option in authorized_keys file),
>> by init/login (if in /etc/passwd), or by gitosis (and its equivalent).
>It is possible to run it with file descriptors closed via ssh, using
>command="git-shell 0<&- 1<&- 2<&-" in the authorized_keys file.
I don't consider this that relevant, however...
>It's true that in this case the user is also shooting himself, but given
>that git-shell is used to restrict operation to "safe" commands, this
>special case might be worth being worked around.
Since a programmer error in this case doesn't inflict just pain on the
user, but also is a potential security leak that can potentially be
exploited by third party users, things are different, and it is worth
catering for.
--
Sincerely,
Stephen R. van den Berg.
"Listen carefully, I shall say this only wence."
next prev parent reply other threads:[~2008-08-28 13:59 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-25 8:28 [PATCH] Fix start_command() pipe bug when stdin is closed Karl Chen
2008-08-25 10:44 ` Johannes Sixt
2008-08-25 11:49 ` Paolo Bonzini
2008-08-25 12:00 ` [PATCH v2] fix start_command() " Paolo Bonzini
2008-08-25 13:12 ` Johannes Sixt
2008-08-25 13:37 ` [PATCH v2 properly indented] " Paolo Bonzini
2008-08-25 16:00 ` Karl Chen
2008-08-26 0:06 ` Junio C Hamano
2008-08-26 6:09 ` Junio C Hamano
2008-08-26 6:33 ` Johannes Sixt
2008-08-26 6:45 ` Paolo Bonzini
2008-08-26 6:48 ` [PATCH] be paranoid about closed stdin/stdout/stderr Paolo Bonzini
2008-08-26 6:57 ` Johannes Sixt
2008-08-26 7:40 ` Stephen R. van den Berg
2008-08-27 5:01 ` Avery Pennarun
2008-08-27 9:18 ` Stephen R. van den Berg
2008-08-27 12:36 ` Paolo Bonzini
2008-08-27 15:20 ` [PATCH v4] make git-shell " Paolo Bonzini
2008-08-27 17:22 ` Stephen R. van den Berg
2008-08-27 17:27 ` [PATCH] be " Junio C Hamano
2008-08-28 13:17 ` Paolo Bonzini
2008-08-28 13:58 ` Stephen R. van den Berg [this message]
2008-08-27 18:22 ` Avery Pennarun
2008-08-28 12:21 ` Nick Andrew
2008-08-28 12:52 ` Stephen R. van den Berg
2008-08-26 17:38 ` Junio C Hamano
2008-08-26 18:33 ` Paolo Bonzini
2008-08-26 22:42 ` Junio C Hamano
2008-08-26 23:04 ` Junio C Hamano
2008-08-26 23:10 ` Stephen R. van den Berg
2008-08-27 3:05 ` Karl Chen
2008-08-27 4:38 ` Paolo Bonzini
2008-08-27 9:04 ` Stephen R. van den Berg
2008-08-27 6:35 ` Johannes Sixt
2008-08-27 8:20 ` Paolo Bonzini
2008-08-27 2:04 ` Nick Andrew
2008-08-25 15:56 ` [PATCH] Fix start_command() pipe bug when stdin is closed Karl Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080828135846.GA6874@cuci.nl \
--to=srb@cuci.nl \
--cc=apenwarr@gmail.com \
--cc=bonzini@gnu.org \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=j.sixt@viscovery.net \
--cc=quarl@cs.berkeley.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.