author | Aaron Ball <nullspoon@oper.io> | 2017-03-05 15:49:38 -0700 |
---|---|---|
committer | Aaron Ball <nullspoon@oper.io> | 2017-03-05 15:49:38 -0700 |
commit | a67678d709198f266909ce0cbc092b0bd1ef834a (patch) | |
tree | ca0e7bff529d818ca71f200470c7b9011277a3a9 | |
parent | feb7ded6a33b93abeb905252f9159bfef1597c45 (diff) | |
parent | aaa102bd029c2f5ee188e1a451d1c1496ec61fa0 (diff) | |
download | gitaccess-a67678d709198f266909ce0cbc092b0bd1ef834a.tar.gz gitaccess-a67678d709198f266909ce0cbc092b0bd1ef834a.tar.xz |
Merge branch 'security-fix'
-rwxr-xr-x | gitaccess | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -30,9 +30,19 @@
 # command="~/bin/gitaccess <username>" ecdsa-sha2-nistp521 AAAAE2v....
 #
 
+# Detect if someone tries to launch this script from this script, thus creating
+# an infinite recursive loop spawning subshells.
+if [ "${SSH_ORIGINAL_COMMAND:-}" == "$(basename ${0})" ]; then
+ printf "ERROR: Blocking infinite recursion\n"
+ exit 1
+fi
+
+
+# All checks passed...
+
 # The first argument should be the username, as defailed in the script
 # instructions
 export GIT_USER="${1}"
 
 # Environmental variables set up. Proceed as was originally planned.
-/usr/bin/bash -c "${SSH_ORIGINAL_COMMAND}"
+/usr/bin/env git shell -c "${SSH_ORIGINAL_COMMAND}" |
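Review bot: The final line makes `git shell` the only thing limiting what a key holder can run, yet it is located through `PATH` via `/usr/bin/env`, where the removed line used an absolute path; in a forced-command wrapper I would pin the binary, e.g. `exec /usr/bin/git-shell -c "${SSH_ORIGINAL_COMMAND:-}"` (adjust to wherever git-shell is installed on the host). The recursion guard above it matches only when the client command is exactly the script's basename, so it should not be read as an access control; a comment such as `# Not a security boundary: git shell's command allow-list is what restricts the client` would make that explicit. If the guard stays, use the POSIX `=` with a quoted `"$(basename "${0}")"` and send the message to stderr with `>&2`, so it does not end up in the client's data stream. The shebang and any `set` options are outside the hunk, so whether `==` inside `[` is supported by the interpreter cannot be confirmed from this view.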