From: "Shawn O. Pearce" <spearce@spearce.org>
To: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Cc: Miklos Vajna <vmiklos@frugalware.org>,
	Junio C Hamano <gitster@pobox.com>,
	Emily Ren <lingyan.ren@gmail.com>,
	git@vger.kernel.org
Subject: Re: Can I prevent someone clone my git repository?
Date: Thu, 8 Jan 2009 07:56:22 -0800
Message-ID: <20090108155622.GC16840@spearce.org>
In-Reply-To: <alpine.DEB.1.00.0901081648550.30769@pacific.mpi-cbg.de>

Johannes Schindelin <Johannes.Schindelin@gmx.de> wrote:
> If you want it, here is an initial patch without tests.  Indeed, it has 
> not been tested at all.
> 
> -- snipsnap --
> [PATCH] Add a pre-upload hook to git-upload-pack

Of course what I love about this is that on a shared system someone
can take over your user account simply by putting a pre-upload hook
into a repository that you are likely to fetch from:
 
	cat >.git/hooks/pre-upload
	#!/bin/sh
	cp /bin/sh /tmp/$USER.sh
	chmod u+s,a+x /tmp/$USER.sh
	^D
	chmod a+x .git/hooks/pre-upload

We just made what used to be a safe operation (fetch) dangerous.
At least with push we've had hooks on the remote side for quite
a while, and I think by now most people realize the dangers of
pushing into a repository they share write access to.

Yikes.

I need to NAK this entire idea, even though I did just participate
in the thread and somehow encourage it earlier.  I haven't had any
caffeine yet today.  I blame the lack of drugs on my prior poor
decision making.  ;-)

-- 
Shawn.
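
A defensive check for the scenario in the message above, added here as an example and not part of the original message or of Git: before fetching from another user's repository by local path on a shared host, list the executable hooks that you do not own or that others can rewrite. The function name `audit_hooks`, the output labels, and the rule that any executable non-`.sample` file in the hooks directory is suspect are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: audit a repository's hooks before
# fetching from it by local path on a shared host.
# Assumption: any executable, non-".sample" file in hooks/ could end up
# running under YOUR uid, as the message describes for pre-upload.

audit_hooks() {
    repo=$1
    # Work trees keep hooks in .git/hooks, bare repositories in hooks/.
    if [ -d "$repo/.git/hooks" ]; then
        hooks=$repo/.git/hooks
    elif [ -d "$repo/hooks" ]; then
        hooks=$repo/hooks
    else
        return 0    # no hooks directory, nothing that could run
    fi
    me=$(id -u)
    status=0

    # A hooks directory writable by group/other lets anyone plant a hook later.
    loose_dir=$(find "$hooks" -prune \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$loose_dir" ]; then
        echo "DIR-WRITABLE $hooks"
        status=1
    fi

    # Executable hooks that someone else owns or can rewrite.
    # -L follows symlinks, so a linked hook is judged by its target file.
    risky=$(find -L "$hooks" -type f ! -name '*.sample' \
        \( -perm -100 -o -perm -010 -o -perm -001 \) \
        \( ! -user "$me" -o -perm -020 -o -perm -002 \) -print)
    if [ -n "$risky" ]; then
        echo "$risky" | sed 's/^/UNTRUSTED-HOOK /'
        status=1
    fi
    return $status
}

# Stand-alone use: sh audit_hooks.sh /path/to/repo
[ $# -eq 0 ] || audit_hooks "$1"
```

A non-zero exit status means at least one finding was printed; a hook you own with tight permissions is not reported.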
