From: "Stephen R. van den Berg" <srb@cuci.nl>
To: Tommi Virtanen <tv@eagain.net>
Cc: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>,
Florian Weimer <fw@deneb.enyo.de>,
git@vger.kernel.org
Subject: Re: is gitosis secure?
Date: Wed, 4 Feb 2009 13:12:04 +0100 [thread overview]
Message-ID: <20090204121204.GA12393@cuci.nl> (raw)
In-Reply-To: <20090203213135.GA1970@eagain.net>
Tommi Virtanen wrote:
>Summary: I fully expect gitosis to be more secure than a manually
>maintained git-shell over SSH setup, mostly because it can make
>human errors more rare.
I installed gitosis a year ago.
Then I tried to audit the code.
I couldn't, the whole thing is too much spaghetti code.
I.e. the individual python routines might be well written, but there
is no concise overview in 10 lines max which can explain to me what
happens which might or might not open up security holes. There are too
many pieces of code depending on each other.
I.e. if you trust the author not to have made any mistakes, then it
is probably secure.
Auditing gitosis turned out to be too painful to be worth the trouble,
so I reverted to a manually maintained git-shell solution which is so
simple that I can actually audit it, and therefore is provably secure
(which gitosis is not).
--
Sincerely,
Stephen R. van den Berg.
Humor in the Court: Q: What happened then? A: He told me, he says,
"I have to kill you because you can identify me." Q: Did he kill you? A: No.
next prev parent reply other threads:[~2009-02-04 12:13 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-09 8:56 is gitosis secure? Thomas Koch
2008-12-09 9:04 ` Sam Vilain
2009-01-18 11:48 ` Florian Weimer
2009-01-18 12:50 ` Boyd Stephen Smith Jr.
2009-01-18 13:25 ` Florian Weimer
2009-01-18 14:19 ` Boyd Stephen Smith Jr.
2009-02-03 21:31 ` Tommi Virtanen
2009-02-04 12:12 ` Stephen R. van den Berg [this message]
2009-02-04 18:26 ` Tommi Virtanen
2009-02-05 7:52 ` Stephen R. van den Berg
2009-02-05 8:04 ` Tommi Virtanen
2008-12-09 9:07 ` R. Tyler Ballance
2009-02-03 21:41 ` Tommi Virtanen
2008-12-09 9:38 ` Sverre Rabbelier
2008-12-13 16:23 ` Nix
2008-12-13 18:07 ` Sverre Rabbelier
2008-12-14 2:26 ` Sitaram Chamarty
2008-12-14 5:40 ` david
2008-12-14 9:42 ` martin
2008-12-14 11:25 ` david
2008-12-14 10:51 ` Jakub Narebski
2008-12-15 0:54 ` david
2008-12-14 11:02 ` martin
2008-12-15 1:00 ` david
2008-12-15 7:17 ` Mike Hommey
2008-12-15 8:25 ` david
2008-12-15 8:35 ` Mike Hommey
2008-12-15 21:28 ` Tait
2008-12-14 11:42 ` Sitaram Chamarty
2008-12-15 1:20 ` david
2008-12-14 10:40 ` Jakub Narebski
2008-12-15 0:50 ` david
2008-12-15 7:20 ` Rogan Dawes
2008-12-15 8:37 ` david
2008-12-15 7:52 ` Rogan Dawes
2008-12-14 10:47 ` Jakub Narebski
2008-12-15 0:14 ` Nix
2008-12-15 1:29 ` david
2008-12-15 5:24 ` Asheesh Laroia
2008-12-15 6:32 ` david
2008-12-09 19:18 ` Garry Dolley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090204121204.GA12393@cuci.nl \
--to=srb@cuci.nl \
--cc=bss@iguanasuicide.net \
--cc=fw@deneb.enyo.de \
--cc=git@vger.kernel.org \
--cc=tv@eagain.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).