From: Johannes Sixt <j.sixt@viscovery.net>
To: Junio C Hamano <gitster@pobox.com>
Cc: Git Mailing List <git@vger.kernel.org>
Subject: Re: [PATCH 2/2] daemon: Verify base-path and interpolated-path early
Date: Tue, 26 Feb 2008 13:00:55 +0100 [thread overview]
Message-ID: <47C3FF77.2060902@viscovery.net> (raw)
In-Reply-To: <7vejb0j04z.fsf@gitster.siamese.dyndns.org>
Junio C Hamano schrieb:
> Johannes Sixt <j.sixt@viscovery.net> writes:
>
>> Any request to the daemon would fail if either interpolated-path or
>> base-path (if specified) would not be absolute. Hence, we can check those
>> paths for validity upfront and not start the daemon at all if the paths are
>> invalid.
>>
>> Additionally, we now check that the base-path is an existing directory.
>
> Looks good. Thanks.
I just discovered that this patch is crap. Please drop it!
We must not remove the checks from path_ok() because they verify the
*client-supplied* part of the path, which must be absolute.
Nevertheless, it would be useful to verify that --base-path points to an
existing directory. What I actually wanted to implement is this:
-- >8 --
daemon: ensure that base-path is an existing directory
Any request to the daemon would fail if base-path (if specified) is not
a directory. We now check for this condition early.
Signed-off-by: Johannes Sixt <johannes.sixt@telecom.at>
---
daemon.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/daemon.c b/daemon.c
index dd0177f..2b4a6f1 100644
--- a/daemon.c
+++ b/daemon.c
@@ -1184,6 +1184,14 @@ int main(int argc, char **argv)
if (strict_paths && (!ok_paths || !*ok_paths))
die("option --strict-paths requires a whitelist");
+ if (base_path) {
+ struct stat st;
+
+ if (stat(base_path, &st) || !S_ISDIR(st.st_mode))
+ die("base-path '%s' does not exist or "
+ "is not a directory", base_path);
+ }
+
if (inetd_mode) {
struct sockaddr_storage ss;
struct sockaddr *peer = (struct sockaddr *)&ss;
--
1.5.4.3.231.g5d43e
prev parent reply other threads:[~2008-02-26 12:03 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-25 13:27 [PATCH 2/2] daemon: Verify base-path and interpolated-path early Johannes Sixt
2008-02-25 19:39 ` Junio C Hamano
2008-02-26 12:00 ` Johannes Sixt [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47C3FF77.2060902@viscovery.net \
--to=j.sixt@viscovery.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.