On Tue, 2 Feb 2010, Arun Raghavan wrote:

> On 1 February 2010 22:06, Shawn O. Pearce <spearce@xxxxxxxxxxx> wrote:
> > Nicolas Pitre <nico@xxxxxxxxxxx> wrote:
> >> On Mon, 1 Feb 2010, Shawn O. Pearce wrote:
> >> I think such hooks could be allowed only if triggered explicitly by the
> >> upload-pack caller, such as git-daemon. That's probably the only
> >> scenario where a useful use case can be justified for them anyway.
> >>
> >> And of course, to avoid any security problems, the actual hooks must not
> >> be provided by the repository owner but provided externally, like from
> >> git-daemon, via some upload-pack command line arguments. This way the
> >> hooks are really controlled by the system administrator managing
> >> git-daemon and not by any random git repository owner.
> >>
> >> That should be good enough for all the use cases those hooks were
> >> originally designed for.
> >
> > Oooh, I like that.
> >
> > If the paths to the hooks are passed in on the command line of
> > git-upload-pack, and git-daemon takes those options and passes
> > them through, you're right, we probably get everything we need.
> >
> > Gitosis can still use the hooks if it wants, since it controls
> > the call of git-upload-pack.
>
> I can add the uid check before running the hook as well. Is that good
> enough, or would you guys like me to start from scratch with the
> command-line argument approach?

Please forget the uid check and go with the command-line argument approach. That's the only sane solution.

Nicolas