On Sun, Feb 11, 2007 at 01:44:25PM -0800, Junio C Hamano wrote:
> Theodore Tso <tytso@xxxxxxx> writes:
>
> > ..., I think we're
> > still safe, since aliases can't override commands.
>
> I feel a bit uneasy to hear safety argument based on that
> current restriction, since we might want to loosen it later.
Loosen which restriction?
1) The ability for aliases to shadow existing git commands?
2) The ability for untrusted users to make arbitrary changes to the
config file?
3) The ability for untrusted users to execute arbitrary git commands via
git-shell?
You hjave to loosen at least 2 of the 3 current restrictions before
the ability to execute shell commands out of aliases becomes a problem
--- and I would argue that either (2) or (3) are things that we would
be insane to loosen at least to the point of allowing untrusted users
to make arbitrary changes to the config or execute arbitrary git
commands, since even today, they could do a huge amount of damage
already.
- Ted
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html