Re: [PATCH] Allow aliases to expand to shell commands

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Junio C Hamano <junkio@...>

Cc: Johannes Schindelin <Johannes.Schindelin@...>, <git@...>

Subject: Re: [PATCH] Allow aliases to expand to shell commands

Date: Sunday, February 11, 2007 - 11:56 pm

On Sun, Feb 11, 2007 at 01:44:25PM -0800, Junio C Hamano wrote:

quoted text> Theodore Tso  writes:

>

> > ..., I think we're

> > still safe, since aliases can't override commands.

>

> I feel a bit uneasy to hear safety argument based on that

> current restriction, since we might want to loosen it later.
Loosen which restriction?
1) The ability for aliases to shadow existing git commands?

2) The ability for untrusted users to make arbitrary changes to the

      config file?

3) The ability for untrusted users to execute arbitrary git commands via

      git-shell?
You hjave to loosen at least 2 of the 3 current restrictions before

the ability to execute shell commands out of aliases becomes a problem

--- and I would argue that either (2) or (3) are things that we would

be insane to loosen at least to the point of allowing untrusted users

to make arbitrary changes to the config or execute arbitrary git

commands, since even today, they could do a huge amount of damage

already.
						- Ted

-

To unsubscribe from this list: send the line "unsubscribe git" in

the body of a message to majordomo@vger.kernel.org

More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Git rescue mission, Bill Lear, (Wed Feb 7, 8:18 pm)

Re: Git rescue mission, Linus Torvalds, (Thu Feb 8, 1:27 pm)

Re: Git rescue mission, Kalle Pokki, (Thu Feb 8, 4:12 pm)

Re: Git rescue mission, Linus Torvalds, (Thu Feb 8, 5:23 pm)

Re: Git rescue mission, Kalle Pokki, (Thu Feb 8, 6:03 pm)

Re: Git rescue mission, Shawn O. Pearce, (Thu Feb 8, 6:10 pm)

Re: Git rescue mission, Kalle Pokki, (Fri Feb 9, 3:21 pm)

Re: Git rescue mission, Theodore Tso, (Thu Feb 8, 9:48 pm)

Re: Git rescue mission, Shawn O. Pearce, (Thu Feb 8, 9:58 pm)

Re: Git rescue mission, Theodore Ts'o, (Sat Feb 10, 12:05 pm)

[PATCH] Print a sane error message if an alias expands to an..., Theodore Ts'o, (Sat Feb 10, 12:05 pm)

Re: [PATCH] Print a sane error message if an alias expands t..., Junio C Hamano, (Sat Feb 10, 12:50 pm)

[PATCH] Allow aliases to expand to shell commands, Theodore Ts'o, (Sat Feb 10, 12:05 pm)

Re: [PATCH] Allow aliases to expand to shell commands, Theodore Tso, (Sat Feb 10, 2:13 pm)

Re: [PATCH] Allow aliases to expand to shell commands, Johannes Schindelin, (Sat Feb 10, 4:34 pm)

Re: [PATCH] Allow aliases to expand to shell commands, Theodore Tso, (Sat Feb 10, 8:13 pm)

Re: [PATCH] Allow aliases to expand to shell commands, Johannes Schindelin, (Sun Feb 11, 12:03 pm)

Re: [PATCH] Allow aliases to expand to shell commands, Theodore Tso, (Sun Feb 11, 12:21 pm)

Re: [PATCH] Allow aliases to expand to shell commands, Junio C Hamano, (Sun Feb 11, 5:44 pm)

Re: [PATCH] Allow aliases to expand to shell commands, Theodore Tso, (Sun Feb 11, 11:56 pm)

Re: [PATCH] Allow aliases to expand to shell commands, Shawn O. Pearce, (Mon Feb 12, 2:53 am)

Re: [PATCH] Allow aliases to expand to shell commands, Johannes Schindelin, (Sun Feb 11, 6:03 pm)

Re: [PATCH] Allow aliases to expand to shell commands, Johannes Schindelin, (Sun Feb 11, 12:36 pm)

Re: [PATCH] Allow aliases to expand to shell commands, Linus Torvalds, (Sat Feb 10, 2:04 pm)

Re: Git rescue mission, Bill Lear, (Thu Feb 8, 5:57 pm)

Re: Git rescue mission, Linus Torvalds, (Thu Feb 8, 6:13 pm)

Re: Git rescue mission, Junio C Hamano, (Fri Feb 9, 12:38 am)

Re: Git rescue mission, Bill Lear, (Thu Feb 8, 7:25 pm)

Re: Git rescue mission, Linus Torvalds, (Thu Feb 8, 7:46 pm)

Re: Git rescue mission, Shawn O. Pearce, (Thu Feb 8, 7:33 pm)

Re: Git rescue mission, Bill Lear, (Thu Feb 8, 7:40 pm)

Re: Git rescue mission, Linus Torvalds, (Thu Feb 8, 8:17 pm)

Re: Git rescue mission, Michael S. Tsirkin, (Fri Feb 9, 4:58 am)

Re: Git rescue mission, Jakub Narebski, (Thu Feb 8, 8:03 pm)

Re: Git rescue mission, Shawn O. Pearce, (Thu Feb 8, 7:50 pm)

Re: Git rescue mission, Bill Lear, (Thu Feb 8, 6:33 pm)

Re: Git rescue mission, Jakub Narebski, (Thu Feb 8, 6:29 pm)

Re: Git rescue mission, Johannes Schindelin, (Wed Feb 7, 8:22 pm)

Re: Git rescue mission, Bill Lear, (Wed Feb 7, 8:24 pm)

Re: Git rescue mission, Johannes Schindelin, (Wed Feb 7, 8:25 pm)

Re: Git rescue mission, Bill Lear, (Wed Feb 7, 8:34 pm)

Re: Git rescue mission, Junio C Hamano, (Wed Feb 7, 8:48 pm)

Re: Git rescue mission, Alexander Litvinov, (Thu Feb 8, 12:28 am)

Re: Git rescue mission, Junio C Hamano, (Thu Feb 8, 8:53 pm)

Re: Git rescue mission, Alexander Litvinov, (Thu Feb 8, 11:32 pm)

Re: Git rescue mission, Bill Lear, (Thu Feb 8, 11:27 am)

Re: Git rescue mission, Jeff King, (Thu Feb 8, 7:24 pm)

Re: Git rescue mission, Bill Lear, (Thu Feb 8, 7:32 pm)


linux-kernel:
Theodore Tso	Re: -mm merge plans for 2.6.23 -- sys_fallocate
Amit K. Arora	[RFC] Heads up on sys_fallocate()
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg Kroah-Hartman	[PATCH 011/196] sysfs: Fix a copy-n-paste typo in comment
git:

linux-netdev:
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
David Miller	Re: [GIT]: Networking
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Frans Pop	svc: failed to register lockdv1 RPC service (errno 97).
openbsd-misc:

Re: [PATCH] Allow aliases to expand to shell commands

Online users