From: Jonathan Nieder <jrnieder@gmail.com>
To: Greg Brockman <gdb@MIT.EDU>
Cc: "Johannes Sixt" <j.sixt@viscovery.net>,
"Ævar Arnfjörð" <avarab@gmail.com>,
gitster@pobox.com, git@vger.kernel.org
Subject: Re: [PATCHv3] Updated patch series for providing mechanism to list available repositories
Date: Tue, 27 Jul 2010 19:33:36 -0500 [thread overview]
Message-ID: <20100728003336.GA2248@dert.cs.uchicago.edu> (raw)
In-Reply-To: <AANLkTikr5jjZJa2irLb2rNew8ngJcv3rhcFV+pNRpRrw@mail.gmail.com>
Greg Brockman wrote:
> Hmm, ok. So if I'm not mistaken, the only outstanding issue is
> whether to provide a way to globally disable git-shell-commands. Do
> you have a particular threat model in mind?
No, it was only a vague thing. I do not even use git-shell
myself, so it was a vague worry for a scenario I am not even
involved in. So if you have thought it over and decided it is
not an issue, that is good enough for me.
What would be most comforting is an explanation like this:
"Uses not using this feature will not be impacted by patch 1,
since all it adds is:
- some memory allocation
- a call to split_cmdline, which I have audited and
seems to be safe
- an execv that does not permit . or / characters and so
can only run commands from the directory the user is
in (which would be safe because..."
Actually if I understand correctly I am not comforted at all,
because a former user at a multi-user installation that only has
git-shell access now can suddenly run arbitrary commands from
the home directory once git is upgraded.
Jonathan
next prev parent reply other threads:[~2010-07-28 0:53 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-07-21 15:15 [PATCHv3] Updated patch series for providing mechanism to list available repositories Greg Brockman
2010-07-21 15:15 ` [PATCH 1/3] Allow creation of arbitrary git-shell commands Greg Brockman
2010-07-21 15:15 ` [PATCH 2/3] Add interactive mode to git-shell for user-friendliness Greg Brockman
2010-07-21 15:15 ` [PATCH 3/3] Add sample commands for git-shell Greg Brockman
2010-07-26 22:32 ` [PATCHv3] Updated patch series for providing mechanism to list available repositories Greg Brockman
2010-07-26 22:54 ` Ævar Arnfjörð Bjarmason
2010-07-26 23:18 ` Greg Brockman
2010-07-27 9:02 ` Jakub Narebski
2010-07-26 23:28 ` Jonathan Nieder
2010-07-27 0:20 ` Greg Brockman
2010-07-27 0:50 ` Jonathan Nieder
2010-07-27 7:16 ` Johannes Sixt
2010-07-27 17:41 ` Jonathan Nieder
2010-07-27 22:43 ` Greg Brockman
2010-07-28 0:33 ` Jonathan Nieder [this message]
2010-07-28 6:15 ` Greg Brockman
2010-07-28 6:42 ` Jonathan Nieder
2010-07-28 7:06 ` Greg Brockman
2010-07-28 23:14 ` Anders Kaseorg
2010-07-28 23:52 ` Jonathan Nieder
2010-07-29 0:21 ` Greg Brockman
2010-07-29 0:33 ` Jonathan Nieder
2010-07-28 1:10 ` Jonathan Nieder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100728003336.GA2248@dert.cs.uchicago.edu \
--to=jrnieder@gmail.com \
--cc=avarab@gmail.com \
--cc=gdb@MIT.EDU \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=j.sixt@viscovery.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).