Re: [PATCH 0/2] upload-pack: pre- and post- hooks

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Nicolas Pitre

Subject: Re: [PATCH 0/2] upload-pack: pre- and post- hooks

Date: Monday, February 1, 2010 - 9:30 am

On Mon, 1 Feb 2010, Shawn O. Pearce wrote:

quoted text> Arun Raghavan <ford_prefect@gentoo.org> wrote:
> > This patch set reintroduces the post-upload-pack hook and adds a
> > pre-upload-pack hook. These are now only built if 'ALLOW_INSECURE_HOOKS' is set
> > at build time. The idea is that only system administrators who need this
> > functionality and are sure the potential insecurity is not relevant to their
> > system will enable it.
> 
> *sigh*
> 
> I guess this is better, having it off by default, but allowing an
> administrator who needs this feature to build a custom package.
> 
> Unfortunately... I'm sure some distro out there is going to think
> they know how to compile Git better than we do, and enable this by
> default, exposing their users to a security hole.  Ask the OpenSSL
> project about how well distros package code...  :-\
> 
> I'd like a bit more than just a compile time flag.

I think such hooks could be allowed only if triggered explicitly by the 
upload-pack caller, such as git-daemon.  That's probably the only 
scenario where a useful use case can be justified for them anyway.

And of course, to avoid any security problems, the actual hooks must not 
be provided by the repository owner but provided externally, like from 
git-daemon, via some upload-pack command line arguments.  This way the 
hooks are really controlled by the system administrator managing 
git-daemon and not by any random git repository owner.

That should be good enough for all the use cases those hooks were 
originally designed for.

Nicolas
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Removal of post-upload-hook, Arun Raghavan, (Thu Jan 14, 11:01 am)

Re: Removal of post-upload-hook, Jeff King, (Thu Jan 14, 12:36 pm)

Re: Removal of post-upload-hook, Shawn O. Pearce, (Thu Jan 14, 12:41 pm)

Re: Removal of post-upload-hook, Arun Raghavan, (Thu Jan 14, 12:52 pm)

Re: Removal of post-upload-hook, Jeff King, (Thu Jan 14, 1:43 pm)

Re: Removal of post-upload-hook, Robin H. Johnson, (Thu Jan 14, 2:06 pm)

Re: Removal of post-upload-hook, Arun Raghavan, (Thu Jan 14, 11:12 pm)

Re: Removal of post-upload-hook, Ilari Liusvaara, (Fri Jan 15, 4:52 am)

Re: Removal of post-upload-hook, Arun Raghavan, (Fri Jan 15, 5:14 am)

Re: Removal of post-upload-hook, Jeff King, (Fri Jan 15, 7:47 am)

[PATCH 0/2] upload-pack: pre- and post- hooks, Arun Raghavan, (Mon Feb 1, 1:32 am)

[PATCH 1/2] upload-pack: Reinstate the post-upload-pack hook, Arun Raghavan, (Mon Feb 1, 1:32 am)

[PATCH 2/2] upload-pack: Add a pre-upload-pack hook, Arun Raghavan, (Mon Feb 1, 1:32 am)

Re: [PATCH 0/2] upload-pack: pre- and post- hooks, Shawn O. Pearce, (Mon Feb 1, 8:20 am)

Re: [PATCH 0/2] upload-pack: pre- and post- hooks, Arun Raghavan, (Mon Feb 1, 8:50 am)

Re: [PATCH 0/2] upload-pack: pre- and post- hooks, Shawn O. Pearce, (Mon Feb 1, 9:01 am)

Re: [PATCH 0/2] upload-pack: pre- and post- hooks, Nicolas Pitre, (Mon Feb 1, 9:30 am)

Re: [PATCH 0/2] upload-pack: pre- and post- hooks, Shawn O. Pearce, (Mon Feb 1, 9:36 am)

Re: [PATCH 0/2] upload-pack: pre- and post- hooks, Arun Raghavan, (Mon Feb 1, 10:50 pm)

Re: [PATCH 0/2] upload-pack: pre- and post- hooks, Arun Raghavan, (Mon Feb 1, 10:52 pm)

Re: [PATCH 0/2] upload-pack: pre- and post- hooks, Nicolas Pitre, (Mon Feb 1, 11:15 pm)


linux-kernel:
Michael Trimarchi	Re: [PATCH] VFS: make file->f_pos access atomic on 32bit arch
Miklos Szeredi	[patch 14/15] vfs: more path_permission() conversions
Serge E. Hallyn	Re: [RFC v5][PATCH 7/8] Infrastructure for shared objects
Bernd Schmidt	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Takashi Iwai	[PATCH 2/2] input: Add LED support to Synaptics device
git:
Junio C Hamano	Re: mingw, windows, crlf/lf, and git
Eyvind Bernhardsen	Re: Where has "git ls-remote" reference pattern matching gone?
Shawn O. Pearce	Re: Switching from CVS to GIT
Todd Zullinger	Re: [PATCH 2/2] send-email: rfc2047-quote subject lines with non-ascii characters
Santi Béjar	Re: How to use git-fmt-merge-msg?
linux-netdev:
Ramkrishna Vepa	[net-2.6 PATCH 1/10] Neterion: New driver: Driver help file
Mark Anthony	invitation / inquiry
Ingo Molnar	Re: [PATCH 08/16] dma-debug: add core checking functions
David Miller	Re: [PATCH 1/3] f_phonet: dev_kfree_skb instead of dev_kfree_skb_any in TX callback
Sascha Hauer	[PATCH 03/12] fec: do not typedef struct types
git-commits-head:
Linux Kernel Mailing List	amba: struct device - replace bus_id with dev_name(), dev_set_name()
Linux Kernel Mailing List	MIPS: Yosemite: Convert SMP startup lock to arch spinlock.
Linux Kernel Mailing List	ARM: S5PC100: IRQ and timer
Linux Kernel Mailing List	davinci: edma: clear interrupt status for interrupt enabled channels only
Linux Kernel Mailing List	x86, mm, kprobes: fault.c, simplify notify_page_fault()
openbsd-misc:
Daniel A. Ramaley	Re: [semi-OT] Can anyone recommend an OpenBSD-compatible colour laser printer?
Matthias Kilian	Re: can't get vesa @ 1280x800 or nv
Tobias Ulmer	Re: Problem after upgrade 4.5 to 4.6: ERR M
Philip Guenther	Re: SIGCHLD and libpthread.so
J.C. Roberts	Re: [semi-OT] Can anyone recommend an OpenBSD-compatible colour laser printer?