From: Junio C Hamano <gitster@pobox.com>
To: "Troels Thomsen" <troels@thomsen.io>
Cc: "Troels Thomsen via GitGitGadget" <gitgitgadget@gmail.com>,
git@vger.kernel.org
Subject: Re: [PATCH] receive-pack: fix crash on out-of-namespace symref
Date: Sat, 21 Feb 2026 09:00:05 -0800 [thread overview]
Message-ID: <xmqq8qcmt4kq.fsf@gitster.g> (raw)
In-Reply-To: <xmqqbjjgiz3a.fsf@gitster.g> (Junio C. Hamano's message of "Tue, 30 Dec 2025 09:37:45 +0900")
Junio C Hamano <gitster@pobox.com> writes:
> "Troels Thomsen" <troels@thomsen.io> writes:
>
>> On Sun, Dec 28, 2025, at 15:57, Junio C Hamano wrote:
>>
>>> Fixing crash is certainly a good thing, but when the namespace is
>>> segregated and receive-pack wants to get updates only within the
>>> given namespace, would presence of such a cross namespace symref
>>> cause updates outside the namespace through the symref, defeating
>>> the point of setting up a namespace in the first place?
>>>
>>> I am not objecting to the new behaviour, but am not sure if it is a
>>> sensible one. You _might_ be able to argue that an attempt to update
>>> underlying refs outside the namespace through such a symbolic ref
>>> should result in an error (i.e., a fix to the current crashing
>>> behaviour is to die in a controlled way).
>>>
>>> Thoughts?
>>
>> I think it's important that the symbolic ref needs to be explicitly
>> created on the receiving side.
>
> Yes, and that can cut both ways. In an ideal world without any
> end-users who make any mistakes, deliberate cross namespace symref
> may be a handy feature to break out of the namespace jail on purpose
> in a controlled way.
>
> But if the symref was made to point across the namespace boundary by
> mistake, catching it as a misconfiguration may be a crucial chance
> the user has to prevent it from turning into a security incident.
> And that is why I asked.
The review discussion thread ended here. I am dropping the topic
out of my tree now, but I do not think it would be a bad idea to
resurrect the topic that turns the uncontrolled segmentation fault
into a controlled death that calls die("hey, what is that cross
namespace link doing there?").
Thanks.
next prev parent reply other threads:[~2026-02-21 17:00 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-27 15:40 [PATCH] receive-pack: fix crash on out-of-namespace symref Troels Thomsen via GitGitGadget
2025-12-28 14:57 ` Junio C Hamano
2025-12-28 16:26 ` Troels Thomsen
2025-12-30 0:37 ` Junio C Hamano
2026-02-21 17:00 ` Junio C Hamano [this message]
2026-02-22 7:56 ` Troels Thomsen
2026-02-22 20:35 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqq8qcmt4kq.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=gitgitgadget@gmail.com \
--cc=troels@thomsen.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.