From: "Shawn O. Pearce" <spearce@spearce.org>
To: Theodore Tso <tytso@mit.edu>
Cc: Junio C Hamano <junkio@cox.net>,
Johannes Schindelin <Johannes.Schindelin@gmx.de>,
git@vger.kernel.org
Subject: Re: [PATCH] Allow aliases to expand to shell commands
Date: Mon, 12 Feb 2007 01:53:19 -0500 [thread overview]
Message-ID: <20070212065319.GF699@spearce.org> (raw)
In-Reply-To: <20070212035613.GA18010@thunk.org>
Theodore Tso <tytso@mit.edu> wrote:
> On Sun, Feb 11, 2007 at 01:44:25PM -0800, Junio C Hamano wrote:
> > Theodore Tso <tytso@mit.edu> writes:
> >
> > > ..., I think we're
> > > still safe, since aliases can't override commands.
> >
> > I feel a bit uneasy to hear safety argument based on that
> > current restriction, since we might want to loosen it later.
>
> Loosen which restriction?
>
> 1) The ability for aliases to shadow existing git commands?
This one.
> 2) The ability for untrusted users to make arbitrary changes to the
> config file?
> 3) The ability for untrusted users to execute arbitrary git commands via
> git-shell?
>
> You hjave to loosen at least 2 of the 3 current restrictions before
> the ability to execute shell commands out of aliases becomes a problem
> --- and I would argue that either (2) or (3) are things that we would
> be insane to loosen at least to the point of allowing untrusted users
> to make arbitrary changes to the config or execute arbitrary git
> commands, since even today, they could do a huge amount of damage
> already.
I agree, 2 and 3 are the real issue here, not 1. 1 is only an
issue for scripts which expect the plumbing to behave a certain
way, but doesn't, as the user has aliased the plumbing command.
--
Shawn.
next prev parent reply other threads:[~2007-02-12 6:53 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-08 0:18 Git rescue mission Bill Lear
2007-02-08 0:22 ` Johannes Schindelin
2007-02-08 0:24 ` Bill Lear
2007-02-08 0:25 ` Johannes Schindelin
2007-02-08 0:34 ` Bill Lear
2007-02-08 0:48 ` Junio C Hamano
2007-02-08 4:28 ` Alexander Litvinov
2007-02-09 0:53 ` Junio C Hamano
2007-02-09 3:32 ` Alexander Litvinov
2007-02-08 15:27 ` Bill Lear
2007-02-08 15:56 ` Jakub Narebski
2007-02-08 23:24 ` Jeff King
2007-02-08 23:32 ` Bill Lear
2007-02-08 17:27 ` Linus Torvalds
2007-02-08 20:12 ` Kalle Pokki
2007-02-08 21:23 ` Linus Torvalds
2007-02-08 22:03 ` Kalle Pokki
2007-02-08 22:10 ` Shawn O. Pearce
2007-02-09 1:48 ` Theodore Tso
2007-02-09 1:58 ` Shawn O. Pearce
2007-02-09 2:01 ` Jakub Narebski
2007-02-10 16:05 ` Theodore Ts'o
2007-02-10 16:05 ` [PATCH] Print a sane error message if an alias expands to an invalid git command Theodore Ts'o
2007-02-10 16:05 ` [PATCH] Allow aliases to expand to shell commands Theodore Ts'o
2007-02-10 18:04 ` Linus Torvalds
2007-02-10 18:13 ` Theodore Tso
2007-02-10 20:34 ` Johannes Schindelin
2007-02-11 0:13 ` Theodore Tso
2007-02-11 16:03 ` Johannes Schindelin
2007-02-11 16:21 ` Theodore Tso
2007-02-11 16:36 ` Johannes Schindelin
2007-02-11 21:44 ` Junio C Hamano
2007-02-11 22:03 ` Johannes Schindelin
2007-02-12 3:56 ` Theodore Tso
2007-02-12 6:53 ` Shawn O. Pearce [this message]
2007-02-10 16:50 ` [PATCH] Print a sane error message if an alias expands to an invalid git command Junio C Hamano
2007-02-09 19:21 ` Git rescue mission Kalle Pokki
2007-02-08 21:57 ` Bill Lear
2007-02-08 22:13 ` Linus Torvalds
2007-02-08 22:33 ` Bill Lear
2007-02-08 23:25 ` Bill Lear
2007-02-08 23:33 ` Shawn O. Pearce
2007-02-08 23:40 ` Bill Lear
2007-02-08 23:50 ` Shawn O. Pearce
2007-02-09 0:03 ` Jakub Narebski
2007-02-09 0:17 ` Linus Torvalds
2007-02-09 8:58 ` Michael S. Tsirkin
2007-02-08 23:38 ` Jakub Narebski
2007-02-08 23:46 ` Linus Torvalds
2007-02-09 4:38 ` Junio C Hamano
2007-02-08 22:29 ` Jakub Narebski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070212065319.GF699@spearce.org \
--to=spearce@spearce.org \
--cc=Johannes.Schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=junkio@cox.net \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).