Guys,
I've written a really simple TCP git daemon that normally listens on
port "DEFAULT_GIT_PORT" aka 9418. It waits for a connection, and will just
execute "git-upload-pack" when it gets one.
It's actually a bit more careful than that, in that there's a magic
request-line that gives the command and what directory to upload, and it
verifies that the directory is ok.
In particular, it verifies that the directory has the magic file
"git-daemon-export-ok", and it will refuse to export any git directory
that hasn't explicitly been marked for export this way.
What I'd ask people to check is how comfortable for example kernel.org
would be to have one machine that runs this kind of service? I've tried
very hard to set it up so that it doesn't have any security issues: the
daemon can be run as "nobody", and it shouldn't ever even write to any
files, although I guess we should do a full check of that.
In fact, it doesn't even really accept any user input except for the list
of SHA1's that you give the upload which denote the "I have these" list.
So I really think it should be hard to fool into doing anything bad, and
the code isn't _that_ complicated, but hey, it's a daemon. They're always
buggy, and there are always security issues.
Anyway, this would be a _wonderful_ interface for read-only updates, ie
people pulling from my (and other peoples) git repositories.
Linus
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
