From: "H. Peter Anvin" <hpa@zytor.com>
To: Linus Torvalds <torvalds@osdl.org>
Cc: Git Mailing List <git@vger.kernel.org>
Subject: Re: [PATCH] git-daemon extra paranoia
Date: Tue, 18 Oct 2005 17:21:55 -0700
Message-ID: <435591A3.7030708@zytor.com>
In-Reply-To: <Pine.LNX.4.64.0510181517280.3369@g5.osdl.org>
Linus Torvalds wrote:
>
> Hmm. The "not ending in /" is a bad test.
>
> Especially in light of the fact that the git-pack protocol quite by design
> tends to add a ".git" to the end as a fallback, so that a user that wants
> to specify a particular directory _without_ that fallback needs to have
> the slash at the end.
>
> Now, git-daemon hasn't implemented that, but I think that was just a
> mistake that grew out of it not getting a lot of testing, since it wasn't
> used much. I personally use the "without the final .git" version quite
> often, because it just looks so much nicer for the user.
>
> In fact, here's a patch that makes git-daemon allow it, and thus match the
> behaviour of the ssh transport.
>
> The logic is simple: if the original "chdir()" fails, try another one with
> ".git" appended. This is in _addition_ to doing the 'chdir(".git")' later,
> so that if you have a checked-out git repository in /home/linux-2.6.git,
> then doing a
>
This is also exactly the kind of DWIM that tends to result in the kind
of security holes I described earlier.

The DWIM aspect is fine, of course, but it has to be done up front:
instead of doing just chdir(), each path should be validated through
path_ok() before even being considered for chdir(). Perhaps the right
thing to do is to combine the two functions.

-hpa
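The following is an added illustration of the point made in this exchange; it is not code from the thread, from git-daemon, or from either author. It shows the "validate before chdir()" ordering: every candidate path, including the ".git" fallback, goes through a validator before it is even looked up, and a rejected candidate fails the whole request rather than falling back. The validator `path_ok_example` is a hypothetical stand-in for git-daemon's path_ok() (its rules, such as rejecting "." and ".." components and empty components, are assumptions for this example), the base directory `/srv/git` and the `sample_dirs` table are constructed so the program runs offline, and the trailing-slash convention follows the one Linus describes above.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical stand-in for git-daemon's path_ok(): these rules are an
 * assumption for this example, not git's actual policy. A request must be
 * absolute and non-empty, with no empty ("//") component, no "." or ".."
 * component, and no control characters. Returns 1 if acceptable, else 0. */
static int path_ok_example(const char *path)
{
    const char *p = path;

    if (path[0] != '/' || path[1] == '\0')
        return 0;
    while (*p) {
        const char *start = ++p;          /* step past the '/' */
        size_t len;

        while (*p && *p != '/') {
            if ((unsigned char)*p < 0x20)
                return 0;                 /* control characters */
            p++;
        }
        len = (size_t)(p - start);
        if (len == 0)
            return 0;                     /* "//" or trailing '/' */
        if (len <= 2 && start[0] == '.' && (len == 1 || start[1] == '.'))
            return 0;                     /* "." or ".." */
    }
    return 1;
}

typedef int (*dir_exists_fn)(const char *path);

/* Resolve a client request to a directory under base, trying the request as
 * given and then with ".git" appended. A trailing '/' on the request disables
 * the fallback. Every candidate is validated BEFORE it is looked up, and a
 * rejected candidate fails the whole request (no fallback on a bad path).
 * Returns 0 with the chosen path in out, or -1. Nothing here calls chdir();
 * the caller does that only after a successful return. */
static int choose_repo_dir(const char *base, const char *request,
                           dir_exists_fn exists, char *out, size_t outlen)
{
    static const char *const suffixes[] = { "", ".git" };
    char cand[4096];
    size_t rlen = strlen(request);
    int no_fallback = rlen > 1 && request[rlen - 1] == '/';
    int ncand = no_fallback ? 1 : 2;
    int i;

    if (no_fallback)
        rlen--;                           /* drop the trailing '/' */

    for (i = 0; i < ncand; i++) {
        int n = snprintf(cand, sizeof cand, "%.*s%s", (int)rlen, request, suffixes[i]);
        if (n < 0 || (size_t)n >= sizeof cand)
            return -1;
        if (!path_ok_example(cand))
            return -1;                    /* validate first; fail closed */
        n = snprintf(out, outlen, "%s%s", base, cand);
        if (n < 0 || (size_t)n >= outlen)
            return -1;
        if (exists(out))
            return 0;
    }
    return -1;
}

/* Constructed sample of directories that "exist" on the server, so the
 * example runs without touching the real filesystem. */
static const char *const sample_dirs[] = { "/srv/git/linux-2.6.git", "/srv/git/exact", NULL };

static int sample_exists(const char *path)
{
    int i;
    for (i = 0; sample_dirs[i]; i++)
        if (strcmp(path, sample_dirs[i]) == 0)
            return 1;
    return 0;
}

/* Real filesystem check, used when a request is given on the command line. */
static int real_dir_exists(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 && S_ISDIR(st.st_mode);
}

/* Resolve against the sample table; returns the chosen path or NULL. */
static const char *resolve_sample(const char *request)
{
    static char out[4096];
    return choose_repo_dir("/srv/git", request, sample_exists, out, sizeof out) == 0 ? out : NULL;
}

int main(int argc, char **argv)
{
    static const char *const demo[] = { "/linux-2.6", "/linux-2.6/", "/exact/", "/../etc", "/a//b", NULL };
    char out[4096];
    int i;

    if (argc > 1) {
        /* Real use: resolve argv[1] under /srv/git and chdir() only on success. */
        if (choose_repo_dir("/srv/git", argv[1], real_dir_exists, out, sizeof out) != 0 || chdir(out) != 0) {
            fprintf(stderr, "rejected: %s\n", argv[1]);
            return 1;
        }
        printf("now in %s\n", out);
        return 0;
    }
    for (i = 0; demo[i]; i++) {
        const char *r = resolve_sample(demo[i]);
        printf("%-12s -> %s\n", demo[i], r ? r : "REJECTED / not found");
    }
    return 0;
}
```

Run without arguments to see the sample table resolved: "/linux-2.6" lands on the ".git" fallback, "/linux-2.6/" is looked up literally and not found, "/exact/" resolves without the fallback, and "/../etc" and "/a//b" are rejected before any lookup. The design point is the order of operations: the validator runs on each candidate string before it is joined with the base and before anything touches the filesystem, so a DWIM suffix can never be applied to a path that was already unacceptable.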