On Thu, Sep 25, 2014 at 12:45 PM, Steve Meyers <[email protected]> wrote: > It appears that using something like gitolite to manage your Git repository > could be a problem, because users can bypass the ForceCommand and execute > arbitrary code.
It turns out that my GitLab server was open to this exploit, but the user had to be a GitLab user with public keys uploaded via the web interface. So, they're a pretty trusted group of users (120 or so), but still, it's not a good place to be. They'd still need to get escalated privileges to do anything interesting. I don't remember the Ubuntu version. Maybe12.04. Gabe /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
