From: Johannes Sixt <j.sixt@viscovery.net>
To: Junio C Hamano <gitster@pobox.com>
Cc: Frank Li <lznuaa@gmail.com>, git@vger.kernel.org
Subject: Re: [PATCH v2 2/3] git-core: Support retrieving passwords with GIT_ASKPASS
Date: Fri, 26 Feb 2010 10:32:31 +0100
Message-ID: <4B87952F.1000902@viscovery.net>
In-Reply-To: <7vr5o84erv.fsf@alter.siamese.dyndns.org>

Junio C Hamano wrote:
> Johannes Sixt <j.sixt@viscovery.net> writes:
>> OTOH, it may be worthwhile to set
>>
>> 		pass.use_shell = 1;
>>
>> to allow commands that are not just a single plain word. But perhaps this
>> has security implications - I don't know.
> 
> How does SSH_ASKPASS get interpreted by other programs?  I think we
> should follow that example.

openssh treats SSH_ASKPASS as a command name and uses execlp, i.e., does a
PATH search; no shell tricks are possible. Hence, we should *not* set
use_shell.

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/readpass.c?rev=1.47

Of course, we could define that GIT_ASKPASS is different from SSH_ASKPASS
in this regard, but I haven't followed the discussion to know whether this
is necessary.

-- Hannes
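
Added example, not part of the original message and not code from git or openssh: it runs the same constructed askpass value once through execlp() and once through a shell, to show the difference the message describes. The helper name run_askpass and the use of /bin/sh -c as a stand-in for use_shell = 1 are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: run an askpass-style value, capture its stdout in out,
 * return its exit status (-1 on setup error). use_shell == 0: execlp(), PATH
 * search only; otherwise /bin/sh -c, an assumed stand-in for use_shell = 1. */
int run_askpass(const char *cmd, const char *prompt, int use_shell,
                char *out, size_t outlen)
{
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    pid_t pid;

    if (outlen == 0 || pipe(fds) < 0)
        return -1;
    pid = fork();
    if (pid == 0) {                      /* child: stdout goes to the pipe */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        if (use_shell)
            execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        else
            execlp(cmd, cmd, prompt, (char *)NULL);
        _exit(127);                      /* exec failed: no such program */
    }
    close(fds[1]);
    while (pid > 0 && used < outlen - 1 &&
           (n = read(fds[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char buf[128];
    const char *val = "echo first; echo second"; /* constructed sample value */
    for (int sh = 1; sh >= 0; sh--) {
        int rc = run_askpass(val, "Password: ", sh, buf, sizeof(buf));
        printf("use_shell=%d rc=%d out=[%s]\n", sh, rc, buf);
    }
    return 0;
}
```

With the shell, the single value runs as two commands; with execlp() the whole string is looked up as one program name and the exec fails.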
