From a7d7d7ec35f8df38acd5eef2b775c7a0c90d4249 Mon Sep 17 00:00:00 2001 From: "szager@chromium.org" Date: Mon, 29 Jul 2013 16:10:41 +0000 Subject: [PATCH] Explicitly exec hooks inside a shell. We don't want to permit the execution of an arbitrary binary. TBR=ilevy@chromium.org BUG= Review URL: https://codereview.chromium.org/21012004 git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@214193 0039d316-1c4b-4281-b951-d872f2087c98 --- git-templates/hooks/applypatch-msg | 2 +- git-templates/hooks/post-applypatch | 2 +- git-templates/hooks/post-checkout | 2 +- git-templates/hooks/post-commit | 2 +- git-templates/hooks/post-merge | 2 +- git-templates/hooks/post-update | 2 +- git-templates/hooks/pre-applypatch | 2 +- git-templates/hooks/pre-auto-gc | 2 +- git-templates/hooks/pre-commit | 2 +- git-templates/hooks/pre-rebase | 2 +- git-templates/hooks/prepare-commit-msg | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/git-templates/hooks/applypatch-msg b/git-templates/hooks/applypatch-msg index 35e558bfc..286ddfe65 100755 --- a/git-templates/hooks/applypatch-msg +++ b/git-templates/hooks/applypatch-msg @@ -1,4 +1,4 @@ #!/bin/sh -[ -e "build/git-hooks/applypatch-msg" ] && exec "build/git-hooks/applypatch-msg" "$@" +[ -e "build/git-hooks/applypatch-msg" ] && exec sh "build/git-hooks/applypatch-msg" "$@" exit 0 diff --git a/git-templates/hooks/post-applypatch b/git-templates/hooks/post-applypatch index bd7fae87a..fd05e1ae5 100755 --- a/git-templates/hooks/post-applypatch +++ b/git-templates/hooks/post-applypatch @@ -1,4 +1,4 @@ #!/bin/sh -[ -e "build/git-hooks/post-applypatch" ] && exec "build/git-hooks/post-applypatch" "$@" +[ -e "build/git-hooks/post-applypatch" ] && exec sh "build/git-hooks/post-applypatch" "$@" exit 0 diff --git a/git-templates/hooks/post-checkout b/git-templates/hooks/post-checkout index 856d4f57c..95ea511b9 100755 --- a/git-templates/hooks/post-checkout +++ b/git-templates/hooks/post-checkout @@ -1,4 +1,4 @@ #!/bin/sh -[ -e "build/git-hooks/post-checkout" ] && exec "build/git-hooks/post-checkout" "$@" +[ -e "build/git-hooks/post-checkout" ] && exec sh "build/git-hooks/post-checkout" "$@" exit 0 diff --git a/git-templates/hooks/post-commit b/git-templates/hooks/post-commit index dd177313b..23e4c3716 100755 --- a/git-templates/hooks/post-commit +++ b/git-templates/hooks/post-commit @@ -1,4 +1,4 @@ #!/bin/sh -[ -e "build/git-hooks/post-commit" ] && exec "build/git-hooks/post-commit" "$@" +[ -e "build/git-hooks/post-commit" ] && exec sh "build/git-hooks/post-commit" "$@" exit 0 diff --git a/git-templates/hooks/post-merge b/git-templates/hooks/post-merge index 87ebad2ee..637492e5b 100755 --- a/git-templates/hooks/post-merge +++ b/git-templates/hooks/post-merge @@ -1,4 +1,4 @@ #!/bin/sh -[ -e "build/git-hooks/post-merge" ] && exec "build/git-hooks/post-merge" "$@" +[ -e "build/git-hooks/post-merge" ] && exec sh "build/git-hooks/post-merge" "$@" exit 0 diff --git a/git-templates/hooks/post-update b/git-templates/hooks/post-update index db4ceb015..674b57fc0 100755 --- a/git-templates/hooks/post-update +++ b/git-templates/hooks/post-update @@ -1,4 +1,4 @@ #!/bin/sh -[ -e "build/git-hooks/post-update" ] && exec "build/git-hooks/post-update" "$@" +[ -e "build/git-hooks/post-update" ] && exec sh "build/git-hooks/post-update" "$@" exit 0 diff --git a/git-templates/hooks/pre-applypatch b/git-templates/hooks/pre-applypatch index d2a43a2b9..2ee6aea40 100755 --- a/git-templates/hooks/pre-applypatch +++ b/git-templates/hooks/pre-applypatch @@ -1,4 +1,4 @@ #!/bin/sh -[ -e "build/git-hooks/pre-applypatch" ] && exec "build/git-hooks/pre-applypatch" "$@" +[ -e "build/git-hooks/pre-applypatch" ] && exec sh "build/git-hooks/pre-applypatch" "$@" exit 0 diff --git a/git-templates/hooks/pre-auto-gc b/git-templates/hooks/pre-auto-gc index 0bde94fe6..d4a2d3095 100755 --- a/git-templates/hooks/pre-auto-gc +++ b/git-templates/hooks/pre-auto-gc @@ -1,4 +1,4 @@ #!/bin/sh -[ -e "build/git-hooks/pre-auto-gc" ] && exec "build/git-hooks/pre-auto-gc" "$@" +[ -e "build/git-hooks/pre-auto-gc" ] && exec sh "build/git-hooks/pre-auto-gc" "$@" exit 0 diff --git a/git-templates/hooks/pre-commit b/git-templates/hooks/pre-commit index 7201ded43..232e4a539 100755 --- a/git-templates/hooks/pre-commit +++ b/git-templates/hooks/pre-commit @@ -1,4 +1,4 @@ #!/bin/sh -[ -e "build/git-hooks/pre-commit" ] && exec "build/git-hooks/pre-commit" "$@" +[ -e "build/git-hooks/pre-commit" ] && exec sh "build/git-hooks/pre-commit" "$@" exit 0 diff --git a/git-templates/hooks/pre-rebase b/git-templates/hooks/pre-rebase index 20ad5bb33..535b78d5e 100755 --- a/git-templates/hooks/pre-rebase +++ b/git-templates/hooks/pre-rebase @@ -1,4 +1,4 @@ #!/bin/sh -[ -e "build/git-hooks/pre-rebase" ] && exec "build/git-hooks/pre-rebase" "$@" +[ -e "build/git-hooks/pre-rebase" ] && exec sh "build/git-hooks/pre-rebase" "$@" exit 0 diff --git a/git-templates/hooks/prepare-commit-msg b/git-templates/hooks/prepare-commit-msg index 9edd243ce..7b6ebdf75 100755 --- a/git-templates/hooks/prepare-commit-msg +++ b/git-templates/hooks/prepare-commit-msg @@ -1,4 +1,4 @@ #!/bin/sh -[ -e "build/git-hooks/prepare-commit-msg" ] && exec "build/git-hooks/prepare-commit-msg" "$@" +[ -e "build/git-hooks/prepare-commit-msg" ] && exec sh "build/git-hooks/prepare-commit-msg" "$@" exit 0