> Agh, it’s getting late. In my last message I completely > forgot about the make_cmd() step. Sorry to waste your time > on that. No problem. It was good to have some pushback so I had to justify my assumptions. >> This will be an arbitrary directory if a user can 'su' to the >> git-shell user. > > That would be an odd setup, but I guess with shared repositories > there's a reason to do it. > >> (I am however starting to lean towards always >> chdir'ing into the git-shell user's $HOME, do people feel strongly >> about this in either direction?) > > I don't feel strongly either way. It would be a good way to > put the worry about that attack vector to rest (if you use > getpwent instead of getenv to fetch $HOME). Sure, I'll add some logic to do this. > Thanks for the patient explanations. No problem. Thanks for taking the time to read them :). Anyway, I'll create an updated version of this patch series that deals with the chdir'ing to the user's home directory, and that includes the 2>/dev/null line in 'list'. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html