[PATCHv4 2/2] Helper script to interface to gitolite
Ben Boeckel
mathstuf at gmail.com
Thu Nov 1 05:31:09 CET 2012
On Wed, Oct 31, 2012 at 22:20:51 -0600, Jason A. Donenfeld wrote:
> 1. If PATH is controlled by an attacker, it's already game over, regardless
> of this script.
> 2. Using `which` doesn't make sense, since in a shell script you just call
> it by the name, and then it searches path.
> 3. Gitolite is frequently installed just in a home directory, in the case
> of shared hosting, not globally in /usr or /usr/local.
> 4. So, the best way is just to call gitolite by typing "gitolite"
Ah, yeah, `which` isn't necessary. I should get to bed...it's been a
long day.
--Ben
More information about the CGit
mailing list