Junio C Hamano wrote:
> Johannes Sixt <j.sixt@xxxxxxxxxxxxx> writes:
>> OTOH, it may be worthwhile to set
>>
>>    pass.use_shell = 1;
>>
>> to allow commands that are not just a single plain word. But perhaps this
>> has security implications - I don't know.
>
> How does SSH_ASKPASS get interpreted by other programs? I think we
> should follow that example.

openssh treats SSH_ASKPASS as a command name and uses execlp, i.e., does a
PATH search; no shell tricks are possible. Hence, we should *not* set
use_shell.

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/readpass.c?rev=1.47

Of course, we could define that GIT_ASKPASS is different from SSH_ASKPASS
in this regard, but I haven't followed the discussion to know whether this
is necessary.

-- Hannes
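An added illustration of the difference discussed in the message above, not part of the original mail and not code from git or openssh: the same askpass-style value run once through execlp() and once through a shell. The helper name run_askpass and the sample values are hypothetical, and "/bin/sh -c" is an assumed stand-in for what setting use_shell would do.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Run `cmd` the way a helper named by an environment variable might be run.
 * use_shell == 0: execlp(), the whole value is one program name looked up
 *                 in PATH; spaces and metacharacters have no meaning.
 * use_shell != 0: the value is handed to /bin/sh -c and parsed as shell code.
 * Returns the child's exit status, 127 if exec failed, -1 on other errors.
 */
int run_askpass(const char *cmd, int use_shell)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (use_shell)
            execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        else
            execlp(cmd, cmd, (char *)NULL);
        _exit(127);             /* exec failed, e.g. no program by that name */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample values. */
    const char *plain = "true";     /* a single plain word */
    const char *multi = "exit 7";   /* more than one word */

    printf("execlp '%s' -> %d\n", plain, run_askpass(plain, 0));
    printf("sh -c  '%s' -> %d\n", plain, run_askpass(plain, 1));
    printf("execlp '%s' -> %d\n", multi, run_askpass(multi, 0));
    printf("sh -c  '%s' -> %d\n", multi, run_askpass(multi, 1));
    return 0;
}
```

With execlp() the multi-word value is looked up as a program literally named "exit 7" and the exec fails; only the shell variant interprets it.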