1. If PATH is controlled by an attacker, it's already game over, regardless of this script. 2. Using `which` doesn't make sense, since in a shell script you just call it by the name, and then it searches path. 3. Gitolite is frequently installed just in a home directory, in the case of shared hosting, not globally in /usr or /usr/local. 4. So, the best way is just to call gitolite by typing "gitolite" _______________________________________________ cgit mailing list [email protected] http://hjemli.net/mailman/listinfo/cgit
- [PATCHv3 0/3] Implement authorization via external prog... Valentin Haenel
- Re: [PATCHv3 0/3] Implement authorization via exte... Ben Boeckel
- Re: [PATCHv3 0/3] Implement authorization via exte... Jason A. Donenfeld
- [PATCHv3 2/3] Add ability to authorize viewing a reposi... Valentin Haenel
- Re: [PATCHv3 2/3] Add ability to authorize viewing... Jason A. Donenfeld
- [PATCHv4 0/2] Authorize viewing a repository Valentin Haenel
- [PATCHv4 2/2] Helper script to interface to gitoli... Valentin Haenel
- Re: [PATCHv4 2/2] Helper script to interface t... Jamie Couture
- Re: [PATCHv4 2/2] Helper script to interfa... Ben Boeckel
- Re: [PATCHv4 2/2] Helper script to int... Jason A. Donenfeld
- Re: [PATCHv4 2/2] Helper script t... Ben Boeckel
- Re: [PATCHv4 2/2] Helper script t... Valentin Haenel
- Re: [PATCHv4 2/2] Helper scri... Jason A. Donenfeld
- [PATCHv4 1/2] Add ability to authorize viewing a r... Valentin Haenel
- Re: [PATCHv4 0/2] Authorize viewing a repository Valentin Haenel
- Re: [PATCHv4 0/2] Authorize viewing a reposito... Jason A. Donenfeld
- Re: [PATCHv4 0/2] Authorize viewing a repo... Valentin Haenel
