From: Tommi Virtanen <tv@eagain.net>
To: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>
Cc: Florian Weimer <fw@deneb.enyo.de>, git@vger.kernel.org
Subject: Re: is gitosis secure?
Date: Tue, 3 Feb 2009 13:31:35 -0800 [thread overview]
Message-ID: <20090203213135.GA1970@eagain.net> (raw)
In-Reply-To: <200901180650.06605.bss@iguanasuicide.net>
On Sun, Jan 18, 2009 at 06:50:06AM -0600, Boyd Stephen Smith Jr. wrote:
> I can't speak directly to gitosis' security. If users are allowed to, e.g.
> change the hooks in their repository, there may be an issue there. I
> certainly haven't done any sort of audit to the source code AND I do not
> hold any security certification--or even job experience in a security
> field, yet.
You can't change hooks via gitosis, exactly for that reason.
In the future, I hope to provide ways to configure "known safe" hook
behavior. Basically something like "export contents after push to a
fixed subdirectory of ~git, named after the repo path" that you can
toggle on/off etc, one of those for every interesting hook I
encounter.
I do not ever want the gitosis admin to be able to do anything but
denial of service or repository content destroying attacks. And those
two capabilities are basically needed to do admin things.
Summary: I fully expect gitosis to be more secure than a manually
maintained git-shell over SSH setup, mostly because it can make
human errors more rare.
I also fully expect SSH(+gitosis)+git-shell to be more secure than
Apache+mod_dav.
--
:(){ :|:&};:
next prev parent reply other threads:[~2009-02-03 21:40 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-09 8:56 is gitosis secure? Thomas Koch
2008-12-09 9:04 ` Sam Vilain
2009-01-18 11:48 ` Florian Weimer
2009-01-18 12:50 ` Boyd Stephen Smith Jr.
2009-01-18 13:25 ` Florian Weimer
2009-01-18 14:19 ` Boyd Stephen Smith Jr.
2009-02-03 21:31 ` Tommi Virtanen [this message]
2009-02-04 12:12 ` Stephen R. van den Berg
2009-02-04 18:26 ` Tommi Virtanen
2009-02-05 7:52 ` Stephen R. van den Berg
2009-02-05 8:04 ` Tommi Virtanen
2008-12-09 9:07 ` R. Tyler Ballance
2009-02-03 21:41 ` Tommi Virtanen
2008-12-09 9:38 ` Sverre Rabbelier
2008-12-13 16:23 ` Nix
2008-12-13 18:07 ` Sverre Rabbelier
2008-12-14 2:26 ` Sitaram Chamarty
2008-12-14 5:40 ` david
2008-12-14 9:42 ` martin
2008-12-14 11:25 ` david
2008-12-14 10:51 ` Jakub Narebski
2008-12-15 0:54 ` david
2008-12-14 11:02 ` martin
2008-12-15 1:00 ` david
2008-12-15 7:17 ` Mike Hommey
2008-12-15 8:25 ` david
2008-12-15 8:35 ` Mike Hommey
2008-12-15 21:28 ` Tait
2008-12-14 11:42 ` Sitaram Chamarty
2008-12-15 1:20 ` david
2008-12-14 10:40 ` Jakub Narebski
2008-12-15 0:50 ` david
2008-12-15 7:20 ` Rogan Dawes
2008-12-15 8:37 ` david
2008-12-15 7:52 ` Rogan Dawes
2008-12-14 10:47 ` Jakub Narebski
2008-12-15 0:14 ` Nix
2008-12-15 1:29 ` david
2008-12-15 5:24 ` Asheesh Laroia
2008-12-15 6:32 ` david
2008-12-09 19:18 ` Garry Dolley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090203213135.GA1970@eagain.net \
--to=tv@eagain.net \
--cc=bss@iguanasuicide.net \
--cc=fw@deneb.enyo.de \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).