Re: Can I prevent someone clone my git repository?

Johannes Schindelin <Johannes.Schindelin@xxxxxx> wrote:
> If you want it, here is an initial patch without tests.  Indeed, it has 
> not been tested at all.
> 
> -- snipsnap --
> [PATCH] Add a pre-upload hook to git-upload-pack

Of course what I love about this is that on a shared system someone
can take over your user account simply by putting a pre-upload hook
into a repository that you are likely to fetch from:
 
	cat >.git/hooks/pre-upload
	#!/bin/sh
	cp /bin/sh /tmp/$USER.sh
	chmod u+s,a+x /tmp/$USER.sh
	^D
	chmod a+x .git/hooks/pre-upload

We just made what used to be a safe operation (fetch) dangerous.
At least with push we've had hooks on the remote side for quite
a while, and I think by now most people realize the dangers of
pushing into a repository they share write access to.

Yikes.

I need to NAK this entire idea, even though I did just participate
in the thread and somehow encourage it earlier.  I haven't had any
caffeine yet today.  I blame the lack of drugs on my prior poor
decision making.  ;-)

-- 
Shawn.
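
A defender-side check for the risk described in this message, as an added example that is not part of the original post or of Git: it lists the hook files Git could execute in a repository and flags any that are not owned by a trusted user. The function names `owner_of` and `audit_hooks`, and the rule that "trusted" means "owned by the named user", are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a repository's hooks before running Git against it
# on a shared system. Assumption: a hook is trusted only if it is owned by
# TRUSTED_USER (default: the calling user).

# Print the owning user of a path (third field of `ls -ld`, POSIX-portable).
owner_of() {
    ls -ld -- "$1" | awk '{print $3}'
}

# audit_hooks REPO [TRUSTED_USER]
# Prints "ok <owner> <path>" or "FOREIGN <owner> <path>" per active hook.
# Returns 1 if any active hook is owned by someone other than TRUSTED_USER.
audit_hooks() {
    repo=$1
    trusted=${2:-$(id -un)}
    # Non-bare repositories keep hooks in .git/hooks, bare ones in hooks/.
    if [ -d "$repo/.git/hooks" ]; then
        hooks=$repo/.git/hooks
    else
        hooks=$repo/hooks
    fi
    [ -d "$hooks" ] || return 0
    foreign=0
    for f in "$hooks"/*; do
        # Git runs only executable hook files; *.sample are inert templates.
        # Every other executable file is listed, to stay conservative.
        [ -f "$f" ] && [ -x "$f" ] || continue
        case $f in *.sample) continue ;; esac
        owner=$(owner_of "$f")
        if [ "$owner" = "$trusted" ]; then
            echo "ok $owner $f"
        else
            echo "FOREIGN $owner $f"
            foreign=1
        fi
    done
    return "$foreign"
}
```

The check reads only the default hooks directory; a repository whose configuration points hooks elsewhere needs that location audited as well.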