diff options
author | Jeff King <peff@peff.net> | 2017-09-11 11:27:51 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2017-09-12 11:05:58 +0900 |
commit | 9a42c03cb71eaa9d41ba67275de38c997a791c32 (patch) | |
tree | 44ee74f0b9e03573523e311e7011c26c5f580e84 /refs.c | |
parent | 4d4165b80d6b91a255e2847583bd4df98b5d54e1 (diff) | |
download | git-9a42c03cb71eaa9d41ba67275de38c997a791c32.tar.gz |
shell: drop git-cvsserver support by defaultjk/git-shell-drop-cvsserver
The git-cvsserver script is old and largely unmaintained
these days. But git-shell allows untrusted users to run it
out of the box, significantly increasing its attack surface.
Let's drop it from git-shell's list of internal handlers so
that it cannot be run by default. This is not backwards
compatible. But given the age and development activity on
CVS-related parts of Git, this is likely to impact very few
users, while helping many more (i.e., anybody who runs
git-shell and had no intention of supporting CVS).
There's no configuration mechanism in git-shell for us to
add a boolean and flip it to "off". But there is a mechanism
for adding custom commands, and adding CVS support here is
fairly trivial. Let's document it to give guidance to
anybody who really is still running cvsserver.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'refs.c')
0 files changed, 0 insertions, 0 deletions