From: Michael McClimon <michael@mcclimon.org>
To: Jeff King <peff@peff.net>
Cc: Junio C Hamano <gitster@pobox.com>, git@vger.kernel.org
Subject: Re: [PATCH v2 2/2] setup: allow Git.pm to do unsafe repo checking
Date: Sat, 22 Oct 2022 19:19:21 -0400 [thread overview]
Message-ID: <Y1R6ecMO+6X8tFlF@newk> (raw)
In-Reply-To: <Y1Rp+7R7e+LFa5k6@coredump.intra.peff.net>
> I prepared it on top of your fix in the mm/git-pm-try-catch-syntax-fix
> branch. That's not strictly necessary, since my patch deletes the line
> you fixed. :) But I think it's nicer to use your fix as the starting
> point, since it means the test runs but produces the wrong behavior,
> rather than barfing with a syntax error.
My vanity thanks you for this, even if it's not strictly necessary. As a
professional programmer with roughly no C chops and a long-time admirer of the
Git project, all I _really_ wanted to do was to fix a thing that was in my
wheelhouse so that I could say I have a commit in the history. (This isn't a
good reason on its own, of course, but I'm happy it was useful even if the
line is immediately deleted!)
> We can fix this by just relying on rev-parse to tell us when we're not
> in a repository, which fixes the vulnerability. Furthermore, we'll ask
> its --is-bare-repository function to tell us if we're bare or not, and
> rely on that.
Your suggested patch seems fine to me, and indeed I think if we were writing
it today we'd just rely on rev-parse to do the heavy lifting. It looks like
the code in question -- and indeed, the syntax error in question -- blames to
d5c7721d (Git.pm: Add support for subdirectories inside of working copies,
2006-06-23), at which point rev-parse did not appear to have any special
handling for bare repositories.
--
Michael McClimon
michael@mcclimon.org
next prev parent reply other threads:[~2022-10-22 23:19 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-16 21:22 [PATCH 0/1] Git.pm: add semicolon after catch statement Michael McClimon
2022-10-16 21:22 ` [PATCH 1/1] " Michael McClimon
2022-10-16 23:18 ` Jeff King
2022-10-17 2:17 ` Michael McClimon
2022-10-17 17:34 ` Jeff King
2022-10-18 1:39 ` Michael McClimon
2022-11-10 15:10 ` Johannes Schindelin
2022-11-10 21:41 ` Jeff King
2022-10-22 1:19 ` [PATCH v2 0/2] Fix behavior of Git.pm in unsafe bare repositories Michael McClimon
2022-10-22 1:19 ` [PATCH v2 1/2] Git.pm: add semicolon after catch statement Michael McClimon
2022-10-22 1:19 ` [PATCH v2 2/2] setup: allow Git.pm to do unsafe repo checking Michael McClimon
2022-10-22 5:29 ` Junio C Hamano
2022-10-22 21:18 ` Jeff King
2022-10-22 23:17 ` Junio C Hamano
2022-10-22 19:45 ` Ævar Arnfjörð Bjarmason
2022-10-22 20:55 ` Jeff King
2022-10-24 10:57 ` Ævar Arnfjörð Bjarmason
2022-10-24 23:38 ` Jeff King
2022-10-22 21:16 ` Jeff King
2022-10-22 22:08 ` Jeff King
2022-10-22 23:19 ` Michael McClimon [this message]
2022-10-24 23:33 ` Jeff King
2022-10-22 23:14 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y1R6ecMO+6X8tFlF@newk \
--to=michael@mcclimon.org \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.