deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

security: gitolite admin can get shell access by using screwy pubkey name

Browse source 
example: keydir/sitaram@$(some-dangerous-command; echo hi).pub

(still won't get the reward; that is only if a non-admin user gets
privs!)
This commit is contained in:
Sitaram Chamarty 2010-04-09 16:48:46 +05:30
parent e6ee5cdb30
commit 5deffee3cf
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/gl-compile-conf
View file

@ -511,6 +511,12 @@ print $newkeys_fh "# gitolite start\n";
wrap_chdir($GL_KEYDIR); wrap_chdir($GL_KEYDIR);
for my $pubkey (glob("*")) for my $pubkey (glob("*"))
{ {
# security check (thanks to divVerent for catching this)
unless ($pubkey =~ $USERNAME_PATT) {
print STDERR "$pubkey contains some unsavoury characters; ignored...\n";
next;
}
# lint check 1 # lint check 1
unless ($pubkey =~ /\.pub$/) unless ($pubkey =~ /\.pub$/)
{ {