@rockstorm101, thank you very much for your efforts to provide this solution to run a git server in a Docker container.
I have set it up on my local network (actually it is running on my NAS) and tried to tighten the security a bit, when I noticed that the current setup of the restrictive shell is unfortunately not restrictive at all. I do not want to post here how to gain full (i.e. unrestricted - not more!) access, but with git access, it is fairly simple to step out of the restrictive shell when interactive mode is not disabled.
Please consider disabling interactive mode by default and clearly state the risks that this is not secure at all. Alternatively, having control over which commands are added during the build process (and reducing the default list) could also be a good solution.
In case you need any details, please send me a DM.
regards,
Frederik