
From: "Lorenz (xha)" <me@xha.li>
Subject: Re: using tog(1) as an alternative to gotwebd(8) (anonymous access)
To: gameoftrees@openbsd.org
Date: Wed, 4 Oct 2023 18:00:24 +0200

On Wed, Oct 04, 2023 at 02:59:11PM +0200, Stefan Sperling wrote:
> On Wed, Oct 04, 2023 at 01:02:24PM +0200, Lorenz (xha) wrote:
> > hi gameoftrees@,
> > 
> > i've been trying to get more away from web browsers and since i really
> > like the interface of tog i am curious if i could allow anonymous tog
> > access via ssh using a shell script like this:
> > 
> > ```
> > #!/bin/sh
> > # $1 is the repository name handed to the script; it must be expanded
> > # with double quotes, single quotes would keep it as the literal text $1.
> > repository="$1"
> >
> > echo "to view the tree of a commit, press T"
> > echo "see got(1) for a full manual page"
> > read -r _
> >
> > cd "$repository" || exit 1
> >
> > tog
> > ```
> > 
> > i obviously would need to ensure that the variable $1 doesn't contain
> > something like "..". i would probably do a switch case to make sure that
> > only repos i want can actually be viewed.
> > 
> > i couldn't find anything on the mailing lists that anyone has ever
> > tried this. since tog only allows read-only access, this would be fine,
> > right?
> > 
> > - lorenz
> 
> I don't think this is safe since you are giving visitors a shell.
> A visitor could probably type Ctrl-Z, moving tog into the background, and
> then run commands.

i would've set the script as the shell. i *think* you cannot press Ctrl-Z
in that case? not sure though, so see below.

> 
> The safe way to do this is to run gotd, allowing users to fetch a clone of
> your repository anonymously with gotsh as their server-side login shell,
> and then let them view the cloned repository in whatever way they prefer.

on second thought, it's probably a good idea to not use a shell script
but instead something like a simple lua or python script that exec's
tog.

it's nice to have some sort of overview if you just want to look into
what the repository contains.

so the question is just, is it really safe, just from the perspective of
tog(1), to provide something like this to the outside world?

i have looked into the code of tog and as far as i understand, this
should be fine?
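The wrapper sketched in the quoted shell script, written as a restricted login shell in Python, which is what the reply above proposes instead of sh. This is an added example and is not code from this thread or from the Game of Trees project. The paths /var/git and /usr/local/bin/tog, the allowlist entries and the invocation convention (sshd runs a login shell as `shell -c "<client command>"` when the client passes a command, and with no arguments on a bare login) are assumptions made for the example. It addresses the shell-escape concern raised in the thread: the name is checked against an allowlist before anything touches the filesystem, SIGTSTP is ignored, and the process then replaces itself with tog(1), so no shell is left in the session for Ctrl-Z to drop back into. Whether tog itself is safe to expose to anonymous input is the question the message leaves open; the example does not answer it.

```python
#!/usr/bin/env python3
"""Restricted login shell that only ever becomes tog(1) on an allowlisted repo.

Added example, not code from the mailing-list thread or the Game of Trees
project. Assumed for the example: a dedicated anonymous user whose login
shell is this script, repositories under REPO_ROOT, tog installed at TOG,
and sshd's convention of running the login shell as `shell -c "<command>"`.
"""
import os
import re
import signal
import sys
from typing import Optional

REPO_ROOT = "/var/git"                    # assumed; adjust to your layout
TOG = "/usr/local/bin/tog"                # assumed install path of tog(1)
ALLOWED = {"got.git", "tog-demo.git"}     # constructed allowlist for the example

# A name must start with an alphanumeric, so "-c", "../x" and "" all fail here
# before the allowlist is consulted; no '/', no whitespace, no shell metachars.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def requested_repo(argv: list) -> Optional[str]:
    """Return the repository name the client asked for, or None for a bare login.

    `ssh -t anon@host got.git` reaches a login shell as argv == [shell, "-c", "got.git"];
    `ssh anon@host` with no command reaches it as argv == [shell].
    """
    if len(argv) == 1:
        return None
    if len(argv) == 3 and argv[1] == "-c":
        return argv[2].strip()
    raise ValueError("unexpected invocation")


def repo_path(name: str) -> str:
    """Map a client-supplied name to a repository path, or raise ValueError.

    The allowlist is the real control. The regex and the realpath check are
    defence in depth against '..', path separators, and a symlink inside
    REPO_ROOT that points somewhere else.
    """
    if not NAME_RE.fullmatch(name):
        raise ValueError("bad repository name")
    if name not in ALLOWED:
        raise ValueError("unknown repository")
    root = os.path.realpath(REPO_ROOT)
    path = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, path]) != root:
        raise ValueError("repository escapes root")
    return path


def main() -> None:
    try:
        name = requested_repo(sys.argv)
        if name is None:
            sys.stdout.write("usage: ssh -t anon@host <repository>\n"
                             "available: " + " ".join(sorted(ALLOWED)) + "\n")
            sys.exit(1)
        path = repo_path(name)
    except ValueError as err:
        sys.stderr.write("%s\n" % err)
        sys.exit(1)

    # Ignore SIGTSTP before exec: an ignored disposition survives execve, so
    # Ctrl-Z does not stop tog. Even if it did, there is no shell in this
    # session to return to, because after the exec this process *is* tog.
    signal.signal(signal.SIGTSTP, signal.SIG_IGN)

    # Hand tog a minimal environment: curses needs TERM, and nothing else the
    # client's ssh session set should reach it.
    env = {
        "TERM": os.environ.get("TERM", "vt100"),
        "PATH": "/usr/bin:/bin",
        "HOME": os.environ.get("HOME", "/var/empty"),
    }
    os.chdir(path)
    os.execve(TOG, ["tog"], env)   # never returns on success


if __name__ == "__main__":
    main()
```

Two practical notes. Because tog is a curses program, the client has to request a pty when passing a command (`ssh -t anon@host got.git`); without `-t` sshd allocates no terminal and tog cannot run. And the wrapper only narrows what the anonymous user can start; it is still tog, running as the anonymous user, that parses whatever is in the repository, which is why the thread's other suggestion (gotd with gotsh as the login shell, letting visitors clone and browse locally) keeps the interactive tool off the server entirely.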