Re: git-daemon is insecure?

Junio C Hamano <gitster@xxxxxxxxx> wrote:
> "Shawn O. Pearce" <spearce@xxxxxxxxxxx> writes:
> 
> > With regards to this patch, yes, you can export your entire $HOME
> > and maybe expose things you shouldn't or didn't want to.
> 
> That was not what I meant.  git-daemon running as nobody.project
> will allow read access to project group's files, and the
> whitelisting and --base-path are ways to limit it to files that
> are in the repository.  But the process still has the power to
> read files outside that can be read by nobody user or project
> group, the only thing needed is for git-daemon and whatever it
> spawns to have bugs.
> 
> But the point is that "power to read files outside" is still
> limited to nobody.project, even if there are such bugs to allow
> it to escape the whitelist/base-path jail.  It won't extend to
> anybody's $HOME.
> 
> If you run git-daemon as spearce.spearce, you cannot rely on
> that built-in limitation.
 
Sure.  Which is why I was planning on running git-daemon as
gitadmin.gitadmin, with all central repos owned by gitadmin,
and basically nothing else at all.

I can just as easily start lighttpd on $HOME.  Or Apache.
Both are insane.

-- 
Shawn.
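
The argument in this thread is that a git-daemon bug that escapes the whitelist/--base-path can still only read what the daemon's Unix account can read, and that exposure can be measured before deployment. The following is an added example, not code from the thread or from git: a hypothetical `exposure()` helper lists files outside the exported base path that a given uid and group set could read by classic mode bits (ACLs and capabilities are ignored), run here over a constructed temporary tree.

```python
import os, stat, tempfile

def allowed(st, uid, gids, bit):
    """Classic Unix mode check (no ACLs/capabilities); bit: 4=read, 1=search."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return bool((st.st_mode >> shift) & bit)

def exposure(root, base_path, uid, gids):
    """Regular files under root, outside base_path, readable by uid/gids."""
    base = os.path.realpath(base_path)
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        real = os.path.realpath(dirpath)
        inside = real == base or real.startswith(base + os.sep)
        # Skip the exported tree, and any directory the account cannot search.
        if inside or not allowed(os.stat(dirpath), uid, gids, 1):
            dirnames[:] = []
            continue
        for name in filenames:
            st = os.lstat(os.path.join(dirpath, name))
            if stat.S_ISREG(st.st_mode) and allowed(st, uid, gids, 4):
                found.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(found)

def demo():
    """Constructed sample tree: an exported repo next to a private home."""
    top = tempfile.mkdtemp()
    layout = {"srv/git/repo.git/HEAD": 0o644, "home/u/.ssh/id": 0o600,
              "home/u/group.txt": 0o640, "home/u/notes.txt": 0o644}
    for rel, mode in layout.items():
        path = os.path.join(top, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.chmod(path, mode)
    for d, _, _ in os.walk(top):
        os.chmod(d, 0o755)  # fixed directory modes, independent of umask
    own = os.stat(os.path.join(top, "home/u/notes.txt"))
    base = os.path.join(top, "srv/git")
    return {  # uid+1 / gid+1 stand in for accounts that own nothing here
        "file owner": exposure(top, base, own.st_uid, {own.st_gid}),
        "shared group": exposure(top, base, own.st_uid + 1, {own.st_gid}),
        "dedicated": exposure(top, base, own.st_uid + 1, {own.st_gid + 1}),
    }

if __name__ == "__main__":
    for account, files in demo().items():
        print(f"{account:13} {files}")
```

For a real audit, run it as root so the walk itself is not limited by the auditor's own permissions, and pass the uid and group ids of the account git-daemon will run as.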