From: Richard Hartmann <richih@debian.org>
Date: Tue, 21 Jan 2014 14:56:15 +0000 (+0100)
Subject: vcsh: Initialize repos with --shared=0600
X-Git-Url: https://git.madduck.net/code/vcsh.git/commitdiff_plain/e220a617bcd54e5fd324e21e418fff7c3c3f170a?ds=inline;hp=--cc

vcsh: Initialize repos with --shared=0600

Configurations and other dotdir content may be highly confidential.

Ensure we're not leaking/exposing information by making vcsh
repositories user-accessible, only.

Thanks to Enrico Zini for realizing this was a problem.
---

e220a617bcd54e5fd324e21e418fff7c3c3f170a
diff --git a/vcsh b/vcsh
index 5d502e7..993c8ed 100755
--- a/vcsh
+++ b/vcsh
@@ -221,7 +221,7 @@ init() {
 	[ ! -e "$GIT_DIR" ] || fatal "'$GIT_DIR' exists" 10
 	mkdir -p "$VCSH_BASE" || fatal "could not create '$VCSH_BASE'" 50
 	cd "$VCSH_BASE" || fatal "could not enter '$VCSH_BASE'" 11
-	git init
+	git init --shared=0600
 	upgrade
 	hook post-init
 }