On Thu, Jan 14, 2010 at 11:41:07AM -0800, Shawn O. Pearce wrote: > > Because receive-pack runs as the user who is pushing, not as the > > repository owner. So by convincing you to push to my repository in a > > multi-user environment, I convince you to run some arbitrary code of > > mine. > > Uhhh, this was in fetch/upload-pack Peff, not push/receive-pack. > > Same issue though. Errr...yeah. Sorry for the confusion. But yes, it's the same mechanism, except that it is even easier to get people to pull from you (to get them to push, you first have to get them to write a worthwhile code contribution. ;) ). -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html