From 319d8461f7fc7976b232d6b80e8adae9370a4113 Mon Sep 17 00:00:00 2001
From: Sitaram Chamarty
Date: Wed, 11 Nov 2015 06:35:50 +0530
Subject: add security warning to 'config' command
---
 src/commands/config | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/commands/config b/src/commands/config
index b996066..7851c11 100755
--- a/src/commands/config
+++ b/src/commands/config
@@ -1,6 +1,13 @@
 #!/usr/bin/perl
 use 5.10.0;
+# ---- WARNING ----
+
+# If your site makes a distinction between "right to push the admin repo" and
+# "right to run arbitrary commands on the server" (i.e., if not all of your
+# "admins" have shell access to the server), this is a security risk. If that
+# is the case, DO NOT ENABLE THIS COMMAND.
+
 # ----------------------------------------------------------------------
 # gitolite command to allow "git config" on repos (with some restrictions)
@@ -9,7 +16,7 @@ use 5.10.0;
 # setup:
 # 1. Enable the command by adding it to the COMMANDS section in the ENABLE
-# list in the rc file.
+# list in the rc file. (Have you read the warning above?)
 #
 # 2. Specify configs allowed to be changed by the user. This is a space
 # separated regex list. For example:
--
cgit v1.2.3-65-gdbad
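Review bot: The warning block added at the top of the file (first hunk) says when not to enable the command but not why, so an admin reading it cannot judge whether their own setup is affected. Presumably the concern is that the allowed-config regex list from setup step 2 is controlled by whoever can push the admin repo, and some git config values name programs that git will run; if that is the reasoning, state it in one line, e.g. `# (Whoever controls the allowed-config list can permit keys whose values git executes as commands.)`. The warning also lives only in the script's own comments, so consider repeating it wherever the command is documented for people editing the rc file. The comment header it belongs to continues past the end of the second hunk.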