From: Andreas Ericsson <ae@op5.se>
To: Jonathan Nieder <jrnieder@gmail.com>
Cc: Junio C Hamano <gitster@pobox.com>, Aghiles <aghilesk@gmail.com>,
	git list <git@vger.kernel.org>, Kim Ebert <kd7ike@gmail.com>
Subject: Re: Useless error message?
Date: Thu, 22 Apr 2010 12:27:06 +0200
Message-ID: <4BD0247A.4080103@op5.se>
In-Reply-To: <20100422101535.GB625@progeny.tock>

On 04/22/2010 12:15 PM, Jonathan Nieder wrote:
> Andreas Ericsson wrote:
>> On 04/22/2010 11:42 AM, Jonathan Nieder wrote:
> 
>>> [1] I do suspect that in the case of failing enter_repo() or missing
>>> git-daemon-export-ok, saying “cannot read the specified repo” would be
>>> fine.  Most of the time, there is not much value in disclosing a more
>>> detailed reason, anyway.
>>
>> That would make it possible for random attackers to determine whether
>> a specific user exists on the system, which is very bad indeed.
> 
> I guess I am missing something.  How would
> 
> (*) $ git clone git://git.example.com/~u/foo
>      remote: Cannot read the specified repo
> 
> tell me whether that user existed on the system?  If the daemon gives
> the same message for ENOENT, missing git-daemon-export-ok, EPERM, and
> so on so I cannot distinguish the cases, then I just don’t see the
> problem.
> 
> If the daemon failed for some other reason, like a flaky network, I
> would see
> 
>      $ git clone git://git.example.com/~u/foo
>      fatal: The remote end hung up unexpectedly
> 
> So the extra information could still be helpful, without unwanted
> information disclosure.  In the case (*) I learn definitively that the
> address I specified does not represent a repo I have access to, rather
> than this being some random, transient unexplained problem.
> 

So that would be the new error message for everything that fails, then?

One big reason why I'm not bothered with running the git-daemon on a
public server is that it's very simple. If something goes wrong, it
dies without fiddling about.

How would it benefit you if it said "fatal: Something went wrong, but
I didn't crash" instead of just hanging up? If you have the wrong
repo address, you'd still have to check up with whoever gave it to
you to get it right. If it *does* crash, you'd still have to get
hold of the server admin to tell him that it has crashed.

A minor patch to git-fetch, updating the error message with a few
possible reasons would be far better. I don't care about it myself,
but I'm sure such a patch would be a lot easier to get into git.git
than something that adds a lot of complexity to the git daemon.

-- 
Andreas Ericsson                   andreas.ericsson@op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.
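
Added example, not part of the original message and not code from git's daemon: a sketch in C of the behaviour discussed in the quoted text, where every failure (missing path, no git-daemon-export-ok, and so on) produces one identical client-visible message while the precise cause is kept for the server-side log only. The helper check_repo, the buffer sizes and the sample paths are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The one string a client ever sees, whatever the underlying cause. */
#define CLIENT_MSG "Cannot read the specified repo"

/* Hypothetical helper: returns 0 if `dir` may be served, -1 otherwise.
 * On failure the precise cause is written to `log` (server side only)
 * and `client` receives the same fixed text for every cause, so the
 * reply cannot be used to tell "no such user" from "not exported". */
static int check_repo(const char *dir, char *client, size_t clen,
                      char *log, size_t llen)
{
    char marker[4096];
    struct stat st;
    int n;

    client[0] = log[0] = '\0';
    n = snprintf(marker, sizeof(marker), "%s/git-daemon-export-ok", dir);
    if (n < 0 || (size_t)n >= sizeof(marker))
        snprintf(log, llen, "path too long");
    else if (stat(dir, &st) < 0)            /* ENOENT, EACCES, ... */
        snprintf(log, llen, "%s: %s", dir, strerror(errno));
    else if (access(marker, F_OK) < 0)      /* repo exists, not exported */
        snprintf(log, llen, "%s: no git-daemon-export-ok (%s)",
                 dir, strerror(errno));
    else
        return 0;                           /* exported: nothing to report */

    snprintf(client, clen, "%s", CLIENT_MSG);
    return -1;
}

int main(void)
{
    /* Constructed sample paths: a directory that does not exist, and one
     * that exists but carries no export marker on a normal system. */
    const char *paths[] = { "/no-such-home/u/foo", "/" };
    char client[64], log[4200];

    for (int i = 0; i < 2; i++)
        if (check_repo(paths[i], client, sizeof(client), log, sizeof(log)) < 0)
            printf("client: %s\nserver log: %s\n", client, log);
    return 0;
}
```

The two sample paths fail for different reasons, yet the client line is byte-for-byte the same; only the server log line differs.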
