From mboxrd@z Thu Jan  1 00:00:00 1970
From: Kate Rhodes <masukomi@gmail.com>
Subject: Re: git-daemon is insecure? (was: [RFC] Secure central repositories)
Date: Sun, 27 Jan 2008 19:54:41 -0500
Message-ID: <1201481687.2BC3E4A6@dj11.dngr.org>
References: <1201481268.12DFA67D@ea27.dngr.org>
Reply-To: Kate Rhodes <masukomi@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
To: git@vger.kernel.org
X-From: git-owner@vger.kernel.org Mon Jan 28 02:21:02 2008
Return-path: <git-owner@vger.kernel.org>
Envelope-to: gcvg-git-2@gmane.org
Received: from vger.kernel.org ([209.132.176.167])
	by lo.gmane.org with esmtp (Exim 4.50)
	id 1JJIgG-0000by-Q2
	for gcvg-git-2@gmane.org; Mon, 28 Jan 2008 02:21:01 +0100
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751886AbYA1BU3 (ORCPT <rfc822;gcvg-git-2@m.gmane.org>);
	Sun, 27 Jan 2008 20:20:29 -0500
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752449AbYA1BU3
	(ORCPT <rfc822;git-outgoing>); Sun, 27 Jan 2008 20:20:29 -0500
Received: from mta1.prod1.dngr.net ([216.220.209.220]:57482 "EHLO
	mta4.prod1.dngr.net" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
	with ESMTP id S1751540AbYA1BU2 (ORCPT <rfc822;git@vger.kernel.org>);
	Sun, 27 Jan 2008 20:20:28 -0500
X-Greylist: delayed 1476 seconds by postgrey-1.27 at vger.kernel.org; Sun, 27 Jan 2008 20:20:28 EST
Received: from prod.danger.com (unknown [10.253.33.100])
	by px01.prod1.dngr.org (Postfix) with ESMTP id 54FA01103BB5
	for <git@vger.kernel.org>; Sun, 27 Jan 2008 16:54:54 -0800 (PST)
Received: from [10.253.33.100] (HELO localhost.localdomain)
  by mfe1.prod.danger.com (CommuniGate Pro SMTP 5.1.8)
  with ESMTP id 2130074417 for git@vger.kernel.org; Sun, 27 Jan 2008 16:54:47 -0800
X-Mailer: Danger Service
X-Danger-Send-Id: AABjpEedJ9cAAYar 
Sender: git-owner@vger.kernel.org
Precedence: bulk
List-ID: <git.vger.kernel.org>
X-Mailing-List: git@vger.kernel.org
Archived-At: <http://permalink.gmane.org/gmane.comp.version-control.git/71845>

>  UNIX provides the
> tools to do this, because there are cases where it can be useful,
> but really, you have to be nuts to export all of $HOME.

Never ascribe to lunacy what ignorance and stupidity can easily 
encompass.

When it comes to security issues you have to try and account for *all* 
the idiots.

~kate = masukomi
http://weblog.masukomi.org