Re: Local git server can't serve https until repos owned by http, can't serve ssh unless repos owned by user after 2.45.1

Phillip Wood wrote:
> That is indeed unexpected. I set up git-daemon on my laptop this morning and
> in order to get it to work one has to add "." as well as the repository
> paths one wants to serve to the list of safe directories. Clearly that is
> undesirable and does not really feel any safer than using
> "safe.directory=*".

Having also now run into this new landmine, I don't
see how safe.directory adds any security to git-daemon at all.

git-daemon is already told which directory contains the repositories
to export, and they have to have git-daemon-export-ok in them as well.
So the user has already specified what repositories it is safe for
git-daemon to use.

> What is happening is that git-daemon checks that the
> repository path is listed as safe and then changes into that directory and
> forks
> 
> 	git upload-pack --strict .

git-daemon might as well run children with safe.directory=* itself.

-- 
see shy jo
