Mike Hommey <mh@xxxxxxxxxxxx> writes: > However, the patch in its current form will definitely break gitosis if > it doesn't unset SSH_ORIGINAL_COMMAND. ... and any home-made script without knowledge of this feature. If I wanted to add some restrictions to git-shell, it would seem natural to me to write a script like #! /bin/sh if [ ??? ]; then git-shell $whatever else echo "Sorry, forbidden" exit 1 fi (I never did this with Git because I never had to manage any kind of permission control with it, but I have a script like that for SVN that adds some argument to the SVN command) If the command ignores its arguments, and use some other environment variable instead, then the security hole is not far. -- Matthieu -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html