Re: [PATCH v5 6/6] cat-file: add remote-object-info to batch-command

> > Since the `info` command in cat-file --batch-command prints object info
> > for a given object, it is natural to add another command in cat-file
> > --batch-command to print object info for a given object from a remote.
>
> Is it? :)

Haha yes this could use a little rewording

> > Add `remote-object-info` to cat-file --batch-command.
>
> I realize this bit of implementation changed in v4, i.e. it used to be
> in "fetch", and I'm happy to have it moved out of there, we don't need
> to overload it more.
>
> But I remember thinking (and perhaps commenting on-list, I can't
> remember) that the "object-info" server verb was a bit odd at the time
> that it was implemented. I understand the motivation, but surely it was
> stumbling its way towards being something more generic, i.e. being able
> to just expose cmd_cat_file() in some form.
>
> Which is one of the goals I've had in mind with working on fixing memory
> leaks in various places, i.e. once you get common commands to clean up
> after themselves it usually becomes to have a "command server".
>
> So (and I don't mind if this is longer term, just asking), is there a
> reason for why we wouldn't want to do away with object-info and this
> "cat-file talks to a remote", in favor of just having support for
> invoking arbitrary commands from a remote.
>
> Of course that set of allowed RCE commands would be zero by default, but
> if we had some way to define that "cat-file" was allowed to be called,
> and only if you invoked:
>
>         cat-file --batch="%(objectsize)"
>
> Or whatever, but over the v2 protocol, wouldn't we basically have
> object-info in a more roundabout way?

While I do think that if we did have a set of allowed RCE commands, this
would be a good candidate to be one of those commands, I am worried
about the security, maintainability, and server performance risks this
change would also carry. Figuring out which commands are secure and would
not overload the server, and then maintaining that set, seems like a much
more worrisome design than having a secure git server.
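To make the design contrast above concrete, here is an added example (constructed for this page, not code from git or from the patch series) of the closed-verb approach the reply argues for: a parser for `--batch-command` style input that accepts only the `info` and `remote-object-info` verbs and validates every argument before anything is dispatched. The `remote-object-info <remote> <object>...` line syntax, the restriction of object arguments to full hex object ids, and the remote-name character set are assumptions of the example, chosen to show how small the validation surface stays when the verb set is fixed.

```python
import re

# Constructed example, not git's own code. Line syntax assumed here:
#   info <object-id>
#   remote-object-info <remote> <object-id>...
# Object arguments are deliberately restricted to full SHA-1 or SHA-256
# hex ids, and remote names to a conservative character set, so nothing
# that reaches a handler can carry shell metacharacters or option-like
# strings such as "--upload-pack=...".
OID_RE = re.compile(r"^(?:[0-9a-f]{40}|[0-9a-f]{64})$")
REMOTE_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


class BatchCommandError(ValueError):
    """Raised for any line that is not exactly one of the allowed verbs."""


def parse_batch_command(line):
    """Parse one batch-command line into (verb, args) or raise.

    Only two verbs exist; anything else is rejected before dispatch, so
    there is no per-command allowlist of executables to maintain.
    """
    parts = line.strip().split()
    if not parts:
        raise BatchCommandError("empty command")
    verb, args = parts[0], parts[1:]

    if verb == "info":
        if len(args) != 1 or not OID_RE.match(args[0]):
            raise BatchCommandError("info expects exactly one object id")
        return verb, {"oid": args[0]}

    if verb == "remote-object-info":
        if len(args) < 2:
            raise BatchCommandError(
                "remote-object-info expects a remote and at least one object id")
        remote, oids = args[0], args[1:]
        if not REMOTE_RE.match(remote):
            raise BatchCommandError(f"invalid remote name: {remote!r}")
        bad = [o for o in oids if not OID_RE.match(o)]
        if bad:
            raise BatchCommandError(f"invalid object id(s): {bad}")
        return verb, {"remote": remote, "oids": oids}

    raise BatchCommandError(f"unknown verb: {verb!r}")


def run_batch(lines, handlers):
    """Dispatch each parsed line to the handler registered for its verb.

    `handlers` maps verb -> callable(args) -> str. Rejected lines produce
    an error record instead of aborting the whole batch, mirroring how a
    batch interface should report a bad line without touching the rest.
    """
    results = []
    for line in lines:
        try:
            verb, args = parse_batch_command(line)
            results.append(("ok", handlers[verb](args)))
        except BatchCommandError as exc:
            results.append(("error", str(exc)))
    return results


if __name__ == "__main__":
    # Constructed sample input; the object ids are arbitrary hex strings.
    sample = [
        "info " + "a" * 40,
        "remote-object-info origin " + "b" * 40 + " " + "c" * 64,
        "remote-object-info --upload-pack=/tmp/x " + "b" * 40,
        "rev-parse HEAD",
    ]
    demo_handlers = {
        "info": lambda a: f"would look up {a['oid']} locally",
        "remote-object-info": lambda a: f"would ask {a['remote']} about {len(a['oids'])} object(s)",
    }
    for status, msg in run_batch(sample, demo_handlers):
        print(status, msg)
```

The point of the example is that the two verbs have fixed, fully specified argument shapes, so every byte reaching a handler has already been checked; a generic "run this allowed command with these arguments" server would need equivalent per-command validation for each entry in its allowlist, which is the maintenance burden the reply is worried about.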



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux