hoi :)

On Thu, Dec 07, 2006 at 06:35:39AM -0500, Shawn Pearce wrote:
> So I've patched git-receive-pack to refuse to run if it's running
> setuid and the hook's owner isn't the effective uid, or the hook
> is group/world writable. This seems to close the last hole, but
> it also makes hooks/update and hooks/post-update useless in user
> private repositories on this system.

perhaps don't refuse to run, but simply change back to the saved uid?

Or use one special machine which hosts the repository and which has
the modified version of git installed.

-- 
Martin Waitz
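The check described in the quoted message (run a hook under setuid only if it is owned by the effective uid and is not group/world writable), as an added example that is not part of the original mail and is not git's code. The function names `hook_is_trusted`, `running_setuid` and `may_run_hook` are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 1 if the hook at `path` is a regular file owned by
 * `euid` and not writable by group or others, 0 otherwise. */
int hook_is_trusted(const char *path, uid_t euid)
{
    struct stat st;
    int ok;
    /* fstat() the opened descriptor so every test below applies to the
     * same file, rather than calling stat() on the path repeatedly. */
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return 0;   /* missing or unreadable: treat as untrusted */
    ok = fstat(fd, &st) == 0
        && S_ISREG(st.st_mode)
        && st.st_uid == euid
        && !(st.st_mode & (S_IWGRP | S_IWOTH));
    close(fd);
    return ok;
}

/* A setuid binary runs with an effective uid that differs from the real uid. */
int running_setuid(void)
{
    return getuid() != geteuid();
}

/* The restriction only applies when running setuid; otherwise the hook
 * runs with the caller's own privileges and is allowed as before. */
int may_run_hook(const char *path)
{
    if (!running_setuid())
        return 1;
    return hook_is_trusted(path, geteuid());
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <hook-path>\n", argv[0]);
        return 2;
    }
    printf("%s: %s\n", argv[1], may_run_hook(argv[1]) ? "allowed" : "refused");
    return 0;
}
```

A hook that passes this check can still be swapped out before it is executed if its directory is writable by someone other than the effective uid, so the directory needs the same ownership and mode test.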