git.vger.kernel.org archive mirror
From: Tommi Virtanen <tv@eagain.net>
To: "Stephen R. van den Berg" <srb@cuci.nl>
Cc: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>,
	Florian Weimer <fw@deneb.enyo.de>,
	git@vger.kernel.org
Subject: Re: is gitosis secure?
Date: Thu, 5 Feb 2009 00:04:19 -0800
Message-ID: <20090205080419.GD1970@eagain.net>
In-Reply-To: <20090205075243.GA29080@cuci.nl>

On Thu, Feb 05, 2009 at 08:52:43AM +0100, Stephen R. van den Berg wrote:
> It would help if there were a 10 to 60 line synopsis of what it does
> in the critical cases.  I mean, I don't care about features, but I care
> about the critical parts that interact with the shell and ssh.  In order
> to audit that I need a concise 60 line max piece of code or text where
> I can get all the info from.  1000 lines for that is too much.

I'm kinda bad about trusting any kind of design documents. The code
isn't going to match the design document for many months, anyway. That
also means I'm more likely to put effort into having the code be
readable, than in *separately* describing it.

What do you think are the "critical cases"?

run_hook: reads config files and writes ~/.ssh/authorized_keys.

serve: takes untrusted user input, checks ACLs, execs git-shell.

Honestly, apart from details of how the ACLs are implemented etc,
that's pretty simple.

Some of the code structure is historical baggage, e.g. the ACL
mechanism can map repo names on the fly, but it should still be pretty
simple to just read through and get the picture.

I have no real interest in writing up how SSH's authorized_keys works.
That belongs in OpenSSH, anyway.

-- 
:(){ :|:&};:
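
The `serve` step named in the message above (take untrusted input, check ACLs, exec git-shell), sketched as an added example; it is not gitosis code and not part of the original message. It assumes the user name was fixed by the forced-command entry in ~/.ssh/authorized_keys and the client's request arrives in SSH_ORIGINAL_COMMAND; `ACL`, `VERBS`, `ARG_RE`, `Denied` and `authorize` are hypothetical names.

```python
import re

# Hypothetical ACL for illustration: user -> {repo (no .git suffix): mode}.
ACL = {
    "alice": {"projects/site": "write", "docs": "read"},
    "bob": {"docs": "read"},
}

# The two verbs a git client sends over SSH, and the access each needs.
VERBS = {"git-upload-pack": "read", "git-receive-pack": "write"}

# Exactly one single-quoted path. Every component starts with an
# alphanumeric, so "..", option-like "-x" and hidden names cannot match.
ARG_RE = re.compile(
    r"'/?(?P<path>[A-Za-z0-9][A-Za-z0-9._-]*(?:/[A-Za-z0-9][A-Za-z0-9._-]*)*)'")


class Denied(Exception):
    """Request refused; nothing is executed."""


def authorize(user, original_command):
    """Return the argv to exec for an allowed request, else raise Denied."""
    if original_command is None:
        raise Denied("interactive login refused")
    if "\n" in original_command or "\r" in original_command:
        raise Denied("line break in command")
    verb, sep, arg = original_command.partition(" ")
    if verb == "git" and sep:  # two-word spelling: git upload-pack 'x'
        sub, sep, arg = arg.partition(" ")
        verb = "git-" + sub
    need = VERBS.get(verb)
    if need is None:
        raise Denied("unknown command")
    m = ARG_RE.fullmatch(arg)  # whole argument must match, no trailing text
    if m is None:
        raise Denied("unsafe argument")
    path = m.group("path")
    if path.endswith(".git"):
        path = path[:-4]
    have = ACL.get(user, {}).get(path)
    if have is None or (need == "write" and have != "write"):
        raise Denied("access denied")
    return ["git-shell", "-c", "%s '%s.git'" % (verb, path)]


if __name__ == "__main__":
    # Constructed sample request, as a client push would send it.
    print(authorize("alice", "git-receive-pack 'projects/site.git'"))
```

The caller would pass the returned list to `os.execvp` only after `authorize` returns, so every refusal path ends before any process is started.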
