From: Junio C Hamano <gitster@pobox.com>
To: "Johan Sørensen" <johan@johansorensen.com>
Cc: Johannes Schindelin <Johannes.Schindelin@gmx.de>, git@vger.kernel.org
Subject: Re: [PATCH] Introduce a filter-path argument to git-daemon, for doing custom path transformations
Date: Fri, 13 Mar 2009 23:58:58 -0700
Message-ID: <7vvdqcd1zh.fsf@gitster.siamese.dyndns.org>
In-Reply-To: <9e0f31700903121206m3adbabacra655c5d340365f43@mail.gmail.com> (Johan Sørensen's message of "Thu, 12 Mar 2009 20:06:25 +0100")

Johan Sørensen <johan@johansorensen.com> writes:

>> More importantly, you might want to point out the security concerns of
>> running a script with the full permissions of git-daemon. (AFAICT from
>> your patch you are not dropping any privileges at any point.)
>
> Do you really think this is needed? It doesn't seem like running the
> hook scripts does anything more than trusting the script author and
> permissions of the hook scripts (?). I see the path-filter script
> exactly the same way, with the exception of having to double-check the
> user supplied path the script receives.

If I am not misreading the patch (I only skimmed it), the script is what
is given to the git-daemon process from its command line, so it is under
total control of the site owner. It is much much much less problematic
than the security worry of allowing random hook scripts to be installed in
the repositories hosted at a hosting site. I think Dscho is being a bit
too paranoid in this particular case.

However, being paranoid is a good thing when we talk about instructions we
give to the end users. The site owner who uses this facility needs to be
aware that the script is run as the same user that runs git-daemon, and
that more than one instance of the script can be run at the same time.
The script writer needs to be careful about using the same scratchpad
location for the temporary files the script uses and not letting multiple
instances of scripts stomp on each other's toes. These things need to
be documented.

Do you run git-daemon from inetd, or standalone, by the way? I am
wondering how well it would scale if you spawn an external "filter path"
script (by the way, "filter path" sounds as if it checks and conditionally
denies access to, or something like that, which is not what you are using
it for. It is more about rewriting paths, a la mod_rewrite, and I think
the option is misnamed) every time you get a request.
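
The points above about concurrent instances sharing a scratchpad and about double-checking the client-supplied path, shown as an added example that is not part of this message or of the patch under discussion. The calling convention (requested path as the first argument, rewritten path on standard output, non-zero exit to refuse), the function names and the sample map are assumptions for illustration.

```shell
#!/bin/sh
# Hypothetical path-rewrite script. Assumed interface (not from the patch):
# requested path in $1, rewritten path on stdout, non-zero exit = refuse.

# Constructed sample map: "<request prefix> <on-disk prefix>" per line.
sample_map() {
    cat <<'EOF'
# comment lines are ignored
/pub/ /srv/git/public/
/mirrors/ /srv/git/mirrors/
EOF
}

# The path comes from the network client: accept only a plain absolute
# path built from a conservative character set, with no ".." or "//".
validate_path() {
    case $1 in
        ''|[!/]*|*..*|*//*|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
}

# Scratch space private to this invocation. mktemp -d creates a new
# directory with an unpredictable name, so several copies of the script
# running at once never write to the same file.
make_scratch() {
    mktemp -d "${TMPDIR:-/tmp}/pathrewrite.XXXXXX"
}

rewrite_path() {
    validate_path "$1" || return 1
    scratch=$(make_scratch) || return 1
    # Snapshot the map, minus comments, into this instance's own file.
    if [ -n "${MAP_FILE:-}" ]; then cat "$MAP_FILE"; else sample_map; fi |
        grep -v '^#' > "$scratch/map"
    # First matching prefix wins; an unmapped path yields no output.
    out=$(awk -v p="$1" 'index(p, $1) == 1 {
        print $2 substr(p, length($1) + 1); exit }' "$scratch/map")
    rm -rf "$scratch"
    [ -n "$out" ] && printf '%s\n' "$out"
}

if [ $# -gt 0 ]; then rewrite_path "$1"; fi
```

Setting `MAP_FILE` points the script at a site-specific map instead of the constructed one.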