Johannes Schindelin <Johannes.Schindelin@xxxxxx> writes: > On Tue, 26 Aug 2008, Tommi Virtanen wrote: > >> All I'm going to say is that that's not the way you build trustable >> software. You take a minimal interface and restrict untrusted users to >> that, you don't add a feature to the widest possible interface.. > > I do not get your point. With your patch, AAUI, one would put /usr/bin/git as a shell in passwd. It's pretty clear that someone calling the shell with -c will get the restriction of git-shell, but I'd hardly guarantee that the shell in /etc/passwd will never be called without -c. At least, if the user tries to login, he will execute git without argument (which fortunately isn't serious, he'll just get the help message for git, which is unhelpful but not dangerous). My knowledge in Unix isn't sufficient to be sure there's no way at all to call git in a dangerous way here. With git-shell, it's much simpler to understand: either you give -c, and you get the restricted command set, or you don't, and you get nothing. -- Matthieu -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html