diff options
| author |   Sitaram Chamarty <sitaram@atc.tcs.com> | 2010-04-09 16:48:46 +0530 |
|---|---|---|
| committer | Sitaram Chamarty <sitaram@atc.tcs.com> | 2010-04-09 16:48:46 +0530 |
| commit | 5deffee3cff5f9a13c59b8c1e357c5a32487d1c3 (patch) | |
| tree | a25f5ea763a6f0356875f3a7e67c18a1656397b7 | |
| parent | 4b7d144 should have touched this also (diff) | |
| download | gitolite-gentoo-5deffee3cff5f9a13c59b8c1e357c5a32487d1c3.tar.gz gitolite-gentoo-5deffee3cff5f9a13c59b8c1e357c5a32487d1c3.tar.bz2 gitolite-gentoo-5deffee3cff5f9a13c59b8c1e357c5a32487d1c3.zip | |
security: gitolite admin can get shell access by using screwy pubkey name
example: keydir/sitaram@$(some-dangerous-command; echo hi).pub
(still won't get the reward; that is only if a non-admin user gets
privs!)
| -rwxr-xr-x | src/gl-compile-conf | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/gl-compile-conf b/src/gl-compile-conf index 575ee61..1fb942b 100755 --- a/src/gl-compile-conf +++ b/src/gl-compile-conf @@ -511,6 +511,12 @@ print $newkeys_fh "# gitolite start\n"; wrap_chdir($GL_KEYDIR); for my $pubkey (glob("*")) { + # security check (thanks to divVerent for catching this) + unless ($pubkey =~ $USERNAME_PATT) { + print STDERR "$pubkey contains some unsavoury characters; ignored...\n"; + next; + } + # lint check 1 unless ($pubkey =~ /\.pub$/) { |