Re: [PATCH 2/2] git wrapper: execute git-shell when argv[1] is '-c'

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Johannes Schindelin <Johannes.Schindelin@xxxxxx> writes:

> On Tue, 26 Aug 2008, Tommi Virtanen wrote:
>
>> All I'm going to say is that that's not the way you build trustable 
>> software. You take a minimal interface and restrict untrusted users to 
>> that, you don't add a feature to the widest possible interface..
>
> I do not get your point.

With your patch, AAUI, one would put /usr/bin/git as a shell in
passwd. It's pretty clear that someone calling the shell with -c will
get the restriction of git-shell, but I'd hardly guarantee that the
shell in /etc/passwd will never be called without -c. At least, if the
user tries to login, he will execute git without argument (which
fortunately isn't serious, he'll just get the help message for git,
which is unhelpful but not dangerous). My knowledge in Unix isn't
sufficient to be sure there's no way at all to call git in a dangerous
way here. With git-shell, it's much simpler to understand: either you
give -c, and you get the restricted command set, or you don't, and you
get nothing.

-- 
Matthieu
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux