[PATCHv4 2/2] Helper script to interface to gitolite

Jason A. Donenfeld Jason at zx2c4.com
Thu Nov 1 05:20:51 CET 2012


1. If PATH is controlled by an attacker, it's already game over, regardless
of this script.
2. Using `which` doesn't make sense, since in a shell script you just call
it by the name, and then it searches path.
3. Gitolite is frequently installed just in a home directory, in the case
of shared hosting, not globally in /usr or /usr/local.
4. So, the best way is just to call gitolite by typing "gitolite"



More information about the CGit mailing list