From: Rene Herman <rene.herman@keyaccess.nl>
To: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Cc: Steffen Prohaska <prohaska@zib.de>,
Johannes Sixt <johannes.sixt@telecom.at>,
git@vger.kernel.org, Junio C Hamano <gitster@pobox.com>
Subject: Re: [PATCH] Set up argv0_path correctly, even when argv[0] is just the basename
Date: Sat, 26 Jul 2008 17:19:57 +0200 [thread overview]
Message-ID: <488B409D.40709@keyaccess.nl> (raw)
In-Reply-To: <alpine.DEB.1.00.0807261709090.26810@eeepc-johanness>
On 26-07-08 17:10, Johannes Schindelin wrote:
> Hi,
>
> On Sat, 26 Jul 2008, Rene Herman wrote:
>
>> On 26-07-08 16:14, Johannes Schindelin wrote:
>>
>>> When the program 'git' is in the PATH, the argv[0] is set to the
>>> basename. However, argv0_path needs the full path, so add a function
>>> to discover the program by traversing the PATH manually.
>> While not having read the context for this, this ofcourse sounds like a huge
>> gaping race-condition. If applicable here (as said, did not read context) you
>> generally want to make sure that there's no window that a path could be
>> replaced -- while perhaps not here, that's often the kind of thing that
>> security attacks end up abusing.
>
> Yeah, and that's why you would carefully time your attack just in between
> the command invocation and the discovery of argv[0] in the PATH.
>
> Rather than replacing the 'git' program with an infected version right
> away.
Adding to the PATH is generally not disallowed by user level security.
Replacing the GIT binary generally is.
Sure maybe it's not much of a problem here; as said, I didn't read the
context and am not a GIT person. Just commented on a git-user list when
this was the next message on the list. Though a heads-up might still be
in order. If it wasn't useful -- so be it, but even making a command do
something different than a user expected can have serious implications,
for example in this case for the tree they are working on.
Rene.
next prev parent reply other threads:[~2008-07-26 15:18 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-26 9:41 [PATCH] Modify mingw_main() workaround to avoid link errors Steffen Prohaska
2008-07-26 13:17 ` Johannes Schindelin
2008-07-26 16:07 ` Steffen Prohaska
2008-07-26 14:14 ` [PATCH] Set up argv0_path correctly, even when argv[0] is just the basename Johannes Schindelin
2008-07-26 14:54 ` Rene Herman
2008-07-26 15:10 ` Johannes Schindelin
2008-07-26 15:19 ` Rene Herman [this message]
2008-07-26 15:35 ` Johannes Schindelin
2008-07-26 15:53 ` Rene Herman
2008-07-26 17:31 ` Junio C Hamano
2008-07-26 17:42 ` Johannes Schindelin
2008-08-03 20:25 ` Jan Hudec
2008-08-03 20:43 ` Junio C Hamano
2008-07-26 20:37 ` [PATCH] Modify mingw_main() workaround to avoid link errors Johannes Sixt
2008-07-26 21:36 ` Steffen Prohaska
2008-07-27 19:24 ` Johannes Sixt
2008-07-29 4:46 ` Steffen Prohaska
2008-07-29 8:33 ` Johannes Sixt
2008-07-29 19:46 ` Steffen Prohaska
2008-08-03 19:55 ` Johannes Sixt
2008-08-03 21:21 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=488B409D.40709@keyaccess.nl \
--to=rene.herman@keyaccess.nl \
--cc=Johannes.Schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=johannes.sixt@telecom.at \
--cc=prohaska@zib.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.