On Wed, Oct 3, 2012 at 1:04 PM, Ralf Hemmecke <hemm...@gmail.com> wrote:
> On 10/03/2012 03:28 AM, Sitaram Chamarty wrote:
>> On Wed, Oct 3, 2012 at 2:55 AM, Ralf Hemmecke <hemm...@gmail.com> wrote:
>>
>>> config hooks.showrev = "/bin/rm -rf /home/hemmecke"
>>> ...
>>>
>>> passes the $UNSAFE_PATT and my little extra "; echo" does not.
>>>
>>> Looks like this is a bit over securified and somewhat useless. Am I wrong?
>>
>> depends on how that string is used. If it's ever executed directly as
>> a command, both are bad.
>
> Do I understand correctly that you consider
>
> config hooks.showrev = "git show -C %s; echo"
>
> bad? Well, it's not really a gitolite issue, but can you tell me why
> it's bad? Or is it just because "showrev" is executed on the server?

Yes I do, but I can't explain it. See the thing is, proving something
harmless is hard to do. And since there exists a work-around, I'd
prefer to leave it like that.

> That's probably the easiest solution for my setup. But is my use case so
> uncommon? I.e. a user that has a login on some server (no root access)

Well I'm not sure how many users I have for v3 yet but only a couple
of these kinds of questions have come up so far.

Look at it this way: your needs were simple enough to be satisfied by
an inline shell command. Perhaps others' needs are complex enough to
be wrapped in a script anyway so this becomes moot.

One thing I am going to maintain is the distinction between "able to
push to the admin repo" and "able to run arbitrary commands on the
server". You will have to break that distinction yourself. It's not
that hard to break, but gitolite by default won't let one escalate to
the other and I'll try to make sure you're *aware* you're breaking
this.

> and installs gitolite in his home dir on the server and then selectively
> gives read or write access to collaborators. Think scientists who
> collaborate on an article.
>
> I actually like gitolite a lot, because with a little knowledge of this
> ssh stuff and the fact that installation is pretty easy, I don't have to
> ask my system administrator to setup a gitolite infrastructure for me.
> Involving a sysadmin sometimes makes easy things take ages.
>
> So, a little documentation of UNSAFE_PATT would be welcome in the rc file.

In the same spirit (i.e., "make sure you're aware you're breaking this"),
I tend to think *not* documenting this is better. It forces people to
ask, and my reply in turn forces them to think, I hope, about the
implications (to whatever extent that is meaningful). Putting it in
the docs would lead to people just giving it something that will never
match and be done.

But if you feel very strongly that it should be in the docs (or,
better still, if someone else chips in and says so), then I will.

> Anyway, thank you, Sitaram, for gitolite and also for the kind and
> prompt support you give.

And that's an important part of the previous answer. Within
reasonable limits, I will always reply, and I won't ignore emails. So
-- despite my craze for documentation -- it may be acceptable for some
things to stay undocumented.

sitaram
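
The two `hooks.showrev` values discussed in this thread, run through a character denylist and through a stricter check for values that will be executed; this is an added example, not part of the original message and not gitolite's code. The pattern below is a constructed stand-in (gitolite's real `$UNSAFE_PATT` may differ), and `ALLOWED_PROGRAMS`, `passes_denylist`, `safe_as_command` and `audit` are hypothetical names.

```python
import re
import shlex

# ASSUMPTION: constructed stand-in for a shell-metacharacter denylist.
# Not copied from gitolite; the real $UNSAFE_PATT may differ.
UNSAFE_PATT = re.compile(r"[`~#$&()|;<>]")

# ASSUMPTION: hypothetical allowlist of programs the server owner accepts.
ALLOWED_PROGRAMS = {"git"}


def passes_denylist(value: str) -> bool:
    """True when the value contains none of the denylisted characters."""
    return UNSAFE_PATT.search(value) is None


def safe_as_command(value: str) -> bool:
    """Check for a value that will be executed: it must pass the denylist
    AND its first word must name an allowlisted program."""
    if not passes_denylist(value):
        return False
    try:
        argv = shlex.split(value)
    except ValueError:  # unbalanced quotes
        return False
    return bool(argv) and argv[0] in ALLOWED_PROGRAMS


# First two values are the ones quoted in the thread; the third is constructed.
SAMPLES = [
    "/bin/rm -rf /home/hemmecke",
    "git show -C %s; echo",
    "git show -C %s",
]


def audit(values):
    """Return (value, denylist_ok, executable_ok) for each config value."""
    return [(v, passes_denylist(v), safe_as_command(v)) for v in values]


if __name__ == "__main__":
    for value, deny_ok, exec_ok in audit(SAMPLES):
        print(f"{value!r}: denylist={'pass' if deny_ok else 'reject'}, "
              f"as command={'allow' if exec_ok else 'refuse'}")
```

The denylist alone accepts the destructive value because it contains no metacharacters, which is why a value that ends up executed needs a check on what it runs, not only on which characters it contains.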