2010/1/15 Jeff King <peff@xxxxxxxx>:
> On Thu, Jan 14, 2010 at 11:41:07AM -0800, Shawn O. Pearce wrote:
>
>> > Because receive-pack runs as the user who is pushing, not as the
>> > repository owner. So by convincing you to push to my repository in a
>> > multi-user environment, I convince you to run some arbitrary code of
>> > mine.
>>
>> Uhhh, this was in fetch/upload-pack Peff, not push/receive-pack.
>>
>> Same issue though.
>
> Errr...yeah. Sorry for the confusion. But yes, it's the same mechanism,
> except that it is even easier to get people to pull from you (to get
> them to push, you first have to get them to write a worthwhile code
> contribution. ;) ).

:)

Another thought - would it be acceptable to have a config option to
enable/disable these types of hooks, so that people who are not affected
by the problem or explicitly don't care can use them? Perhaps a
core.allowInsecureHooks ?

Cheers,
--
Arun Raghavan
http://arunraghavan.net/
(Ford_Prefect | Gentoo) & (arunsr | GNOME)
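A defensive check prompted by the thread, added here and not part of the original mail or of git itself: before fetching from or pushing to a repository on a shared filesystem, list which hook scripts are active and whether they belong to someone other than you, since those are the ones that would run with your privileges. It assumes a POSIX shell whose find(1) supports -maxdepth; the function name audit_hooks is my own.

```shell
# Added example (not from the thread): audit the hooks a repository would run.
# Usage: audit_hooks <repo-path> [user]
#   <repo-path>  a working tree containing .git/ or a bare repository
#   [user]       owner to compare against (defaults to the invoking user)
# Prints one line per active hook: "OWN <name>" or "FOREIGN <name>".
audit_hooks() {
    repo=$1
    me=${2:-$(id -un)}
    if [ -d "$repo/.git/hooks" ]; then
        hooks_dir=$repo/.git/hooks          # non-bare clone
    else
        hooks_dir=$repo/hooks               # bare repository layout
    fi
    [ -d "$hooks_dir" ] || return 0         # no hooks directory: nothing to report
    # Active hooks are executable regular files; git ignores the *.sample
    # templates it installs, so they are excluded here as well.
    find "$hooks_dir" -maxdepth 1 -type f -perm -100 ! -name '*.sample' | sort |
    while IFS= read -r hook; do
        name=${hook##*/}
        # A hook owned by another user is code of theirs that would execute as
        # you when you fetch from or push to this repository.
        if [ -n "$(find "$hook" -user "$me" 2>/dev/null)" ]; then
            printf 'OWN %s\n' "$name"
        else
            printf 'FOREIGN %s\n' "$name"
        fi
    done
}
```

Run it against each shared repository you interact with; any FOREIGN line is a hook that deserves a read before you let receive-pack or upload-pack trigger it.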