From: Jeff King <peff@peff.net>
To: Junio C Hamano <gitster@pobox.com>
Cc: Sitaram Chamarty <sitaramc@gmail.com>, Git <git@vger.kernel.org>
Subject: Re: what are the chances of a 'pre-upload' hook?
Date: Sat, 26 Nov 2011 18:51:35 -0500 [thread overview]
Message-ID: <20111126235135.GA7606@sigill.intra.peff.net> (raw)
In-Reply-To: <CAPc5daXY_4aimugj8Z4BFE8YvBSM1K+evPU69rLGH5ETo6PO=Q@mail.gmail.com>
On Sat, Nov 26, 2011 at 03:47:09PM -0800, Junio C Hamano wrote:
> > My point is to make it available, give it safe
> > semantics by default, and let people who are running daemon-like service
> > (i.e., where the admin controls the daemon and arbitrary users can't
> > write into the hooks directory) use it by setting an environment
> > variable, rather than patching git.
>
> I think we re on the same page on that point, and this thread is to find
> such a safe default and safe semantics when enabled.
>
> Unfortunately neither your "trusted" switch nor check the gid of repository
> is that safe thing (sane default part is easy; do not allow it by default).
Sorry, why is the trusted switch not a sane thing? By turning it on, you
are saying "it's OK to run arbitrary code from the repo as the current
user". It's _exactly_ what some people are going to want to do[1],
regardless of any other heuristics.
Sure, maybe it's giving people rope to hang themselves with, but I don't
see a problem with that as long as the issues are clearly laid out in
the documentation.
-Peff
[1] An alternate and even more flexible form is to not just say "it's OK
to run hooks", but to say "run this particular hook as a
pre-upload-hook" without any regard for what's in $GIT_DIR/hooks. It is
a superset of the other form, because of course the hook you tell it
to run can be "sh $GIT_DIR/hooks/pre-upload-pack".
next prev parent reply other threads:[~2011-11-26 23:51 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-25 3:16 what are the chances of a 'pre-upload' hook? Sitaram Chamarty
2011-11-25 3:18 ` Martin Fick
2011-11-25 3:22 ` Martin Fick
2011-11-25 4:13 ` Sitaram Chamarty
2011-11-25 13:09 ` Andreas Ericsson
2011-11-25 16:18 ` Sitaram Chamarty
2011-11-25 14:40 ` Jeff King
2011-11-26 22:34 ` Junio C Hamano
2011-11-26 22:55 ` Jeff King
2011-11-26 23:13 ` Junio C Hamano
2011-11-26 23:31 ` Jeff King
[not found] ` <CAPc5daXY_4aimugj8Z4BFE8YvBSM1K+evPU69rLGH5ETo6PO=Q@mail.gmail.com>
2011-11-26 23:51 ` Jeff King [this message]
[not found] ` <CAPc5daUodry_=6pZxA=QOpuRUj9C2ed9Gzp6E1_G93iGfOOvOA@mail.gmail.com>
2011-11-27 0:06 ` Jeff King
2011-11-27 8:56 ` Junio C Hamano
2011-11-27 13:16 ` Sitaram Chamarty
2011-11-28 6:41 ` Junio C Hamano
2011-11-28 8:01 ` Jeff King
2011-11-28 9:21 ` Sitaram Chamarty
2011-11-28 8:17 ` Sitaram Chamarty
2011-11-28 8:27 ` Jeff King
2011-11-27 7:51 ` Junio C Hamano
2011-11-28 7:51 ` Jeff King
2011-11-28 8:17 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111126235135.GA7606@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=sitaramc@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).