path: root/shell.c
diff options
authorJeff King <>2017-09-11 15:27:51 (GMT)
committerJunio C Hamano <>2017-09-12 02:05:58 (GMT)
commit9a42c03cb71eaa9d41ba67275de38c997a791c32 (patch)
tree44ee74f0b9e03573523e311e7011c26c5f580e84 /shell.c
parent4d4165b80d6b91a255e2847583bd4df98b5d54e1 (diff)
shell: drop git-cvsserver support by default
The git-cvsserver script is old and largely unmaintained these days. But git-shell allows untrusted users to run it out of the box, significantly increasing its attack surface. Let's drop it from git-shell's list of internal handlers so that it cannot be run by default. This is not backwards compatible. But given the age and development activity on CVS-related parts of Git, this is likely to impact very few users, while helping many more (i.e., anybody who runs git-shell and had no intention of supporting CVS). There's no configuration mechanism in git-shell for us to add a boolean and flip it to "off". But there is a mechanism for adding custom commands, and adding CVS support here is fairly trivial. Let's document it to give guidance to anybody who really is still running cvsserver. Signed-off-by: Jeff King <> Signed-off-by: Junio C Hamano <>
Diffstat (limited to 'shell.c')
1 files changed, 0 insertions, 14 deletions
diff --git a/shell.c b/shell.c
index fe2d314..234b2d4 100644
--- a/shell.c
+++ b/shell.c
@@ -25,19 +25,6 @@ static int do_generic_cmd(const char *me, char *arg)
return execv_git_cmd(my_argv);
-static int do_cvs_cmd(const char *me, char *arg)
- const char *cvsserver_argv[3] = {
- "cvsserver", "server", NULL
- };
- if (!arg || strcmp(arg, "server"))
- die("git-cvsserver only handles server: %s", arg);
- setup_path();
- return execv_git_cmd(cvsserver_argv);
static int is_valid_cmd_name(const char *cmd)
/* Test command contains no . or / characters */
@@ -134,7 +121,6 @@ static struct commands {
{ "git-receive-pack", do_generic_cmd },
{ "git-upload-pack", do_generic_cmd },
{ "git-upload-archive", do_generic_cmd },
- { "cvs", do_cvs_cmd },
{ NULL },