From: Junio C Hamano <gitster@pobox.com>
To: "Troels Thomsen" <troels@thomsen.io>
Cc: "Troels Thomsen via GitGitGadget" <gitgitgadget@gmail.com>,
	git@vger.kernel.org
Subject: Re: [PATCH] receive-pack: fix crash on out-of-namespace symref
Date: Tue, 30 Dec 2025 09:37:45 +0900
Message-ID: <xmqqbjjgiz3a.fsf@gitster.g>
In-Reply-To: <a16bf8a6-2f57-4794-91b5-92615f184c4b@app.fastmail.com> (Troels Thomsen's message of "Sun, 28 Dec 2025 17:26:45 +0100")

"Troels Thomsen" <troels@thomsen.io> writes:

> On Sun, Dec 28, 2025, at 15:57, Junio C Hamano wrote:
>
>> Fixing crash is certainly a good thing, but when the namespace is
>> segregated and receive-pack wants to get updates only within the
>> given namespace, would presence of such a cross namespace symref
>> cause updates outside the namespace through the symref, defeating
>> the point of setting up a namespace in the first place?
>>
>> I am not objecting to the new behaviour, but am not sure if it is a
>> sensible one.  You _might_ be able to argue that an attempt to update
>> underlying refs outside the namespace through such a symbolic ref
>> should result in an error (i.e., a fix to the current crashing
>> behaviour is to die in a controlled way).
>>
>> Thoughts?
>
> I think it's important that the symbolic ref needs to be explicitly
> created on the receiving side.

Yes, and that can cut both ways.  In an ideal world without any
end-users who make any mistakes, deliberate cross namespace symref
may be a handy feature to break out of the namespace jail on purpose
in a controlled way.

But if the symref was made to point across the namespace boundary by
mistake, catching it as a misconfiguration may be a crucial chance
the user has to prevent it from turning into a security incident.
And that is why I asked.
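
An added example, not part of the message above and not code from git: one way to surface the misconfiguration discussed here is to audit a repository for symrefs stored inside a namespace whose target lies outside it. It assumes namespaced refs live under `refs/namespaces/<name>/` as gitnamespaces(7) describes; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Input lines: "<refname> <symref-target>" (target empty for ordinary refs),
# the shape printed by:
#   git for-each-ref --format='%(refname) %(symref)'

# ns_prefix REF: print the namespace prefix REF is stored under, e.g.
# refs/namespaces/a/refs/namespaces/b/ for nested namespace a/b; empty if none.
ns_prefix() {
    rest=$1 prefix=
    while :; do
        case $rest in
        refs/namespaces/*/*)
            rest=${rest#refs/namespaces/}
            name=${rest%%/*}
            prefix="${prefix}refs/namespaces/${name}/"
            rest=${rest#*/}
            ;;
        *) break ;;
        esac
    done
    printf '%s' "$prefix"
}

# audit_symrefs: read the listing on stdin, print each cross-namespace symref.
audit_symrefs() {
    while read -r ref target; do
        [ -n "$target" ] || continue      # ordinary ref, not a symref
        prefix=$(ns_prefix "$ref")
        [ -n "$prefix" ] || continue      # ref is not inside any namespace
        case $target in
        "$prefix"*) ;;                    # target stays inside the namespace
        *) printf '%s -> %s\n' "$ref" "$target" ;;
        esac
    done
}

# Constructed sample listing (not taken from a real repository).
sample_refs() {
    cat <<'EOF'
refs/heads/main
refs/namespaces/alice/HEAD refs/namespaces/alice/refs/heads/main
refs/namespaces/alice/refs/heads/shared refs/heads/main
refs/namespaces/alice/refs/namespaces/ci/refs/heads/tip refs/namespaces/alice/refs/heads/main
refs/namespaces/bob/refs/heads/peek refs/namespaces/alice/refs/heads/main
EOF
}

sample_refs | audit_symrefs
```

On a real repository, pipe the `git for-each-ref` command from the header comment into `audit_symrefs`; any line printed is a symref that leaves its namespace and deserves a decision on whether it is deliberate.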
