On Sun, Jan 18, 2009 at 06:50:06AM -0600, Boyd Stephen Smith Jr. wrote:
> I can't speak directly to gitosis' security. If users are allowed to, e.g.
> change the hooks in their repository, there may be an issue there. I
> certainly haven't done any sort of audit to the source code AND I do not
> hold any security certification--or even job experience in a security
> field, yet.
You can't change hooks via gitosis, exactly for that reason.
In the future, I hope to provide ways to configure "known safe" hook
behavior. Basically something like "export contents after push to a
fixed subdirectory of ~git, named after the repo path" that you can
toggle on/off etc, one of those for every interesting hook I
encounter.
I do not ever want the gitosis admin to be able to do anything but
denial of service or repository content destroying attacks. And those
two capabilities are basically needed to do admin things.
Summary: I fully expect gitosis to be more secure than a manually
maintained git-shell over SSH setup, mostly because it can make
human errors more rare.
I also fully expect SSH(+gitosis)+git-shell to be more secure than
Apache+mod_dav.
--
:(){ :|:&};:
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
