Paolo Bonzini wrote:
>> It is either run by ssh (via command="" option in authorized_keys file),
>> by init/login (if in /etc/passwd), or by gitosis (and its equivalent).
>It is possible to run it with file descriptors closed via ssh, using
>command="git-shell 0<&- 1<&- 2<&-" in the authorized_keys file.
I don't consider this that relevant, however...
>It's true that in this case the user is also shooting himself, but given
>that git-shell is used to restrict operation to "safe" commands, this
>special case might be worth being worked around.
Since a programmer error in this case doesn't inflict just pain on the
user, but also is a potential security leak that can potentially be
exploited by third party users, things are different, and it is worth
catering for.
--
Sincerely,
Stephen R. van den Berg.
"Listen carefully, I shall say this only wence."
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
