authorSitaram Chamarty <sitaram@atc.tcs.com>2015-11-11 06:35:50 +0530
committerSitaram Chamarty <sitaram@atc.tcs.com>2015-11-11 06:35:50 +0530
commit319d8461f7fc7976b232d6b80e8adae9370a4113 (patch)
tree6816ab20873053d205c8353fb15541030030620e
parentv3.6.4 (diff)
add security warning to 'config' command
-rwxr-xr-xsrc/commands/config9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/commands/config b/src/commands/config
index b996066..7851c11 100755
--- a/src/commands/config
+++ b/src/commands/config
@@ -1,6 +1,13 @@
#!/usr/bin/perl
use 5.10.0;
+# ---- WARNING ----
+
+# If your site makes a distinction between "right to push the admin repo" and
+# "right to run arbitrary commands on the server" (i.e., if not all of your
+# "admins" have shell access to the server), this is a security risk. If that
+# is the case, DO NOT ENABLE THIS COMMAND.
+
# ----------------------------------------------------------------------
# gitolite command to allow "git config" on repos (with some restrictions)
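Review bot: The warning block added after `use 5.10.0;` says enabling the command is a security risk but not why, so a reader cannot tell whether the allowed-config regex list from setup step 2 limits the exposure. If, as it appears, that list is itself set by whoever can push the admin repo, narrowing it does not protect against that group, and the warning should say so. I would add one sentence to the block, for example `# Some git config keys make git run a program, and the list of keys users may set is controlled from the admin repo.` The reminder added to step 1 in the second hunk would also read better as a pointer, `# list in the rc file. See the WARNING at the top of this file first.`, than as a question.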
@@ -9,7 +16,7 @@ use 5.10.0;
# setup:
# 1. Enable the command by adding it to the COMMANDS section in the ENABLE
-# list in the rc file.
+# list in the rc file. (Have you read the warning above?)
#
# 2. Specify configs allowed to be changed by the user. This is a space
# separated regex list. For example: