Re: is gitosis secure?

On Thu, Feb 05, 2009 at 08:52:43AM +0100, Stephen R. van den Berg wrote:
> It would help if there were a 10 to 60 line synopsis of what it does
> in the critical cases.  I mean, I don't care about features, but I care
> about the critical parts that interact with the shell and ssh.  In order
> to audit that I need a concise 60 line max piece of code or text where
> I can get all the info from.  1000 lines for that is too much.

I'm kinda bad about trusting any kind of design documents. The code
isn't going to match the design document for many months, anyway. That
also means I'm more likely to put effort into having the code be
readable, than in *separately* describing it.

What do you think are the "critical cases"?

run_hook: reads config files and writes ~/.ssh/authorized_keys.

serve: takes untrusted user input, checks ACLs, execs git-shell.

Honestly, apart from details of how the ACLs are implemented etc,
that's pretty simple.

Some of the code structure is historical baggage, e.g. the ACL
mechanism can map repo names on the fly, but it should still be pretty
simple to just read through and get the picture.

I have no real interest in writing up how SSH's authorized_keys works.
That belongs in OpenSSH, anyway.

-- 
:(){ :|:&};:
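
The two critical paths named in the message above (writing `authorized_keys` entries, and validating the untrusted SSH command before handing it to git-shell), sketched as an added example; it is not part of the original message and is not gitosis's own code. The ACL table, the wrapper name `serve-wrapper`, and the path allow-list are assumptions made for illustration.

```python
import re

# Constructed sample ACL: user -> repository -> "r" or "rw" (hypothetical format).
ACL = {"alice": {"project.git": "rw"}, "bob": {"project.git": "r"}}

READ_VERBS = ("git-upload-pack", "git upload-pack")
WRITE_VERBS = ("git-receive-pack", "git receive-pack")

# Single-quoted relative path; every component starts with an alphanumeric,
# which rules out "..", hidden files, option-like names and shell metacharacters.
PATH_RE = re.compile(
    r"'/*(?P<path>[A-Za-z0-9][A-Za-z0-9@._-]*(?:/[A-Za-z0-9][A-Za-z0-9@._-]*)*)'"
)
USER_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9@._-]*")


class AccessDenied(Exception):
    """Raised for any request that must not reach git-shell."""


def authorized_keys_line(user, pubkey, wrapper="serve-wrapper"):
    """Build one forced-command entry; 'serve-wrapper' is a hypothetical name."""
    if not USER_RE.fullmatch(user) or "\n" in pubkey or "\r" in pubkey:
        raise ValueError("unsafe user name or key")
    opts = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
    return f'command="{wrapper} {user}",{opts} {pubkey}'


def serve(user, original_command):
    """Validate SSH_ORIGINAL_COMMAND for `user`; return the argv to exec."""
    for verb in READ_VERBS + WRITE_VERBS:
        if original_command.startswith(verb + " "):
            arg = original_command[len(verb) + 1:]
            break
    else:
        raise AccessDenied("unknown command")
    match = PATH_RE.fullmatch(arg)  # fullmatch: no trailing newline or extra text
    if match is None:
        raise AccessDenied("bad repository path")
    path = match.group("path")
    needed = "w" if verb in WRITE_VERBS else "r"
    if needed not in ACL.get(user, {}).get(path, ""):
        raise AccessDenied(f"no {needed} access to {path}")
    # No shell is involved: the caller passes this list to os.execvp().
    return ["git-shell", "-c", f"{verb} '{path}'"]
```

The user name reaches `serve` only through the forced `command=` option, so the client never chooses its own identity; everything in `SSH_ORIGINAL_COMMAND` is treated as hostile until the allow-list and ACL check pass.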