author | Tony Finch <dot@dotat.at> | 2010-03-31 03:35:10 +0100 |
---|---|---|
committer | Ian Jackson <ian@liberator.relativity.greenend.org.uk> | 2010-05-22 15:54:42 +0100 |
commit | 82e04925eb9e251fb56c507967fe1ff76e59c94c (patch) | |
tree | d5b443e35bc0aad5b06ed463abed0d3408f4e8be /git-daemon | |
parent | f1ebe10b60640bdbdd34927d5d74624c2a494f95 (diff) | |
download | userv-utils-82e04925eb9e251fb56c507967fe1ff76e59c94c.tar.gz |

git-daemon/chiark-urlmap: better security

Check the server IP address corresponds to the server hostname
when exporting VPN-only repositories.

Use symlinks under ~/.userv so that public-git directories
are not exported by default, as in the www-cgi configuration.

Diffstat (limited to 'git-daemon')
-rw-r--r-- | git-daemon/chiark-urlmap | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/git-daemon/chiark-urlmap b/git-daemon/chiark-urlmap index d3bb876..499f21c 100644 --- a/git-daemon/chiark-urlmap +++ b/git-daemon/chiark-urlmap @@ -7,14 +7,16 @@ if ($host eq 'git.chiark.greenend.org.uk') { if ($path =~ m{^~([^/]*)/(.*)}) { $user = $1; - $dir = 'public-git'; + $dir = '.userv/public-git'; $repo = $2; } else { $user = 'webmaster'; $dir = '/u2/git-repos'; $repo = $path; } -} elsif (m{^git://cabal[.]greenend[.]org[.]uk/~([^/]*)/(.*)$}) { +} elsif ($server_addr eq '172.31.80.8' and + $host eq 'cabal.greenend.org.uk' and + $path =~ m|^~([^/]*)/(.*)$|) { $user = $1; $dir = 'cabal-git'; $repo = $2; |
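
Review bot: In the new `elsif` condition, `$server_addr eq '172.31.80.8'` pins the cabal export to a bare address literal with no comment saying what the address is; a one-line comment, or a named variable set near the top of the script, stating that this is the server address corresponding to cabal.greenend.org.uk for the VPN-only repositories would make the check auditable and easier to update if the address changes. In the same branch the context line `$dir = 'cabal-git';` stays directly under the user's home directory while the public branch moves to `.userv/public-git`, so the opt-in-by-symlink behaviour described in the commit message covers only public-git; if that is intended it deserves a sentence in the message, otherwise cabal-git wants the same `.userv/` prefix. Both patterns capture the user with `([^/]*)` and the repository with `(.*)`, which accept an empty user name and `..` path components; if nothing later in the script rejects those (not visible in this hunk), these captures are the natural place to tighten.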