From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Sat, 27 Oct 2012 19:16:36 -0600
Subject: [PATCHv2 2/3] Add ability to authorize viewing a repository
In-Reply-To:
References: <1350378927-10834-1-git-send-email-valentin.haenel@gmx.de> <1350894558-24840-2-git-send-email-valentin.haenel@gmx.de>
Message-ID:

On Sat, Oct 27, 2012 at 7:00 PM, Ben Boeckel wrote:
> Single quote the arguments to the executable. This is ripe for code
> execution (remote_user is under attacker's control).

Was going to mention this myself, but you beat me to it. Dead on.
Correctamundo. Please double double triple triple check your code before
submitting things.

While we're on the topic, is "system" the best way to be calling this?
Since an auth helper gets called for each and every request, it seems
like it'd be cleanest if we could just fork/exec/wait ourselves, passing
the options in to execv. This way we don't have to fire up a shell
interpreter each time.
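
Added example, not part of the original message or of the patch under review: a sketch of the fork/exec/wait approach suggested above, in which remote_user reaches the helper as a single argv entry and no shell ever parses it. The names run_helper and authorize, the helper's argument order, and the "exit status 0 means allowed" convention are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run `path` with `argv` directly via execv(), without a shell.
 * Returns the helper's exit status, 127 if it could not be executed,
 * or -1 if fork/wait failed or the helper was killed by a signal. */
int run_helper(const char *path, char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(path, argv);
        _exit(127);            /* only reached when execv() fails */
    }
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)    /* retry only when interrupted */
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hypothetical wrapper: each untrusted value is exactly one argv entry,
 * so quotes, ';' or '$(...)' in remote_user are plain bytes to the helper.
 * Anything other than a clean exit status of 0 is treated as "deny". */
int authorize(const char *helper, const char *remote_user, const char *repo)
{
    char *const argv[] = {
        (char *)helper, (char *)remote_user, (char *)repo, NULL
    };
    return run_helper(helper, argv) == 0;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s <helper> <remote_user> <repo>\n", argv[0]);
        return 2;
    }
    return authorize(argv[1], argv[2], argv[3]) ? 0 : 1;
}
```

A helper that is missing or not executable yields 127 and is therefore denied, so a deployment error fails closed rather than open.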