From 5298a79cb503c9034de5e2dbc88ed0c9b72a566f Mon Sep 17 00:00:00 2001
From: Sitaram Chamarty
Date: Wed, 23 May 2012 03:17:58 +0530
Subject: [PATCH] MAJOR BUGFIX: disallow "hooks" directory in admin repo
Although this is not a "hole" that allows a normal user to bypass controls, I still consider this a hole in the sense that I want to separate "admin push" rights from "shell access on server" rights. (I realise that most people don't make this distinction, but I do, and for me and most sites I consult for it is important). Thanks to drue on #gitolite who pointed it out excitedly, and apologies for killing what he thought of as a feature!
---
 src/lib/Gitolite/Hooks/PostUpdate.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib/Gitolite/Hooks/PostUpdate.pm b/src/lib/Gitolite/Hooks/PostUpdate.pm
index 9013ee9..3605de0 100644
--- a/src/lib/Gitolite/Hooks/PostUpdate.pm
+++ b/src/lib/Gitolite/Hooks/PostUpdate.pm
@@ -23,7 +23,7 @@ sub post_update {
 # this is the *real* post_update hook for gitolite
 tsh_try("git ls-tree --name-only master");
- _die "no files/dirs called 'hooks' or 'logs' are allowed" if tsh_text() =~ /^(hooks|logs)$/;
+ _die "no files/dirs called 'hooks' or 'logs' are allowed" if tsh_text() =~ /^(hooks|logs)$/m;
 {
 local $ENV{GIT_WORK_TREE} = $rc{GL_ADMIN_BASE};
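Review bot: The whole guard now depends on the `/m` modifier and nothing on the changed line says why, so a later cleanup could drop it and silently reopen the hole; add a comment above it such as `# /m is essential: ls-tree prints one name per line, so ^ and $ must anchor per line, not per whole output`. The match is also case-sensitive, so if the admin work tree can ever sit on a case-insensitive filesystem, a differently-cased name would presumably still be checked out into the same directory; `/^(hooks|logs)$/mi` would cover that. The result of `tsh_try` on the preceding line is not checked in the visible lines, so it is worth confirming that a failed `git ls-tree` stops the hook rather than passing the check with empty text. post_update's body starts and continues outside this hunk.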