On Thu, Feb 02, 2012 at 10:11:27PM -0800, Junio C Hamano wrote: > Kyle Moffett <kyle@xxxxxxxxxxxxxxx> writes: > > > Alternatively, you could extend the recent proposal for GIT config > > "include" statements so that something like this works: > > > > [include] > > exec = echo "deploy.prefix = `cat /etc/SERVER_ROLE`" > > exec = /usr/local/bin/git-config-for-ldap-user > > Erh... > > Running known stuff from your own .git/config may be justifiable as "at > your own risk", but if we consider sources that are not under your direct > control, such as /etc/gitconfig and whatever your project encourages you > to include from your .git/config,... eek. For normal use, I don't see this as a big deal. They could also be specifying diff.external, which would run arbitrary code (and who doesn't run "git diff" once in a while?). I see it as a bigger issue for sites which serve repositories on behalf of their users, and already take care never to use porcelain commands which will run arbitrary code from the config by default (e.g., gitweb carefully uses diff plumbing for this reason). Introducing such an option provides a mechanism for users who control the config of the served repositories to execute code as the user running git-daemon or gitweb. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html