From 5fd9328c1cd1e7c576b6530b3253061c68b159aa Mon Sep 17 00:00:00 2001 From: Sitaram Chamarty Date: Mon, 12 Apr 2010 20:50:26 +0530 Subject: [PATCH] "accidental [mis]feature" -- yet another admin->shell hole blocked! This is a pretty big hole, really. Only the fact that Eli called it an "accidental feature" helped catch it :) Notes on the code: An explicit list of paths -- maybe just "conf", "keydir", and "local" -- would have been easier, but this isn't too bad, I think. --- hooks/gitolite-admin/post-update | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hooks/gitolite-admin/post-update b/hooks/gitolite-admin/post-update index 5edf96d..3707c9f 100755 --- a/hooks/gitolite-admin/post-update +++ b/hooks/gitolite-admin/post-update @@ -2,7 +2,8 @@ # checkout the master branch to $GL_ADMINDIR # (the GL_ADMINDIR env var would have been set by gl-auth-command) -GIT_WORK_TREE=$GL_ADMINDIR git checkout -f master +GIT_WORK_TREE=$GL_ADMINDIR git checkout -f master -- \ + `git ls-tree master | cut -f2 | perl -lne 'print unless /^(src|hooks)$/'` od=$PWD cd $GL_ADMINDIR
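Review bot: The perl filter on the added `git ls-tree master | cut -f2 | perl -lne 'print unless /^(src|hooks)$/'` line is a denylist, so any other top-level entry an admin pushes to master is still checked out into $GL_ADMINDIR. An explicit allowlist of the paths the commit message itself names ("conf", "keydir", and "local") would fail closed if the layout ever grows another sensitive directory. Two smaller points on the same line: if the filter prints nothing, the command reduces to `git checkout -f master --` with no pathspec, which is the unrestricted checkout this patch is meant to replace, so the path list should be checked for emptiness before the checkout runs. The backtick substitution is also unquoted, so a top-level name containing whitespace or glob characters is word-split and expanded by the shell before git sees it. A short comment above the command saying why src and hooks are excluded would help the next person who edits this hook.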