From: Junio C Hamano <gitster@pobox.com>
To: Jeff King <peff@peff.net>
Cc: Johannes Schindelin <Johannes.Schindelin@gmx.de>,
git@vger.kernel.org,
"brian m. carlson" <sandals@crustytoothpaste.net>,
"W. Michael Petullo" <mike@flyn.org>
Subject: Re: Git clone reads safe.directory differently?
Date: Thu, 01 Aug 2024 07:59:47 -0700 [thread overview]
Message-ID: <xmqqbk2cxp98.fsf@gitster.g> (raw)
In-Reply-To: <20240801061417.GD621899@coredump.intra.peff.net> (Jeff King's message of "Thu, 1 Aug 2024 02:14:17 -0400")
Jeff King <peff@peff.net> writes:
> ... if that is OK or not. My mental model has remained "it is OK to run
> upload-pack on an untrusted repository", but it would make sense to get
> input from folks who looked at this in the past, like Dscho, and/or to
> reassess the threat model from scratch.
>
> In particular I did not follow all of the potential issues with linked
> local files. Are we good now after other fixes (in which case this patch
> is OK)? Are we good only for non-local clones (so this patch is OK only
> combined with a fix for clone to check ownership for --local mode)? Or
> are there still problems if an attacker controls the repo paths, in
> which case upload-pack should remain conservative?
Good questions.
next prev parent reply other threads:[~2024-08-01 14:59 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-27 16:14 Git clone reads safe.directory differently? W. Michael Petullo
2024-07-27 21:58 ` Jeff King
2024-07-28 15:27 ` W. Michael Petullo
2024-07-28 22:48 ` Jeff King
2024-07-30 11:37 ` W. Michael Petullo
2024-07-30 22:28 ` brian m. carlson
2024-07-30 22:49 ` Junio C Hamano
2024-07-30 22:55 ` Junio C Hamano
2024-07-30 23:05 ` brian m. carlson
2024-07-31 7:28 ` Jeff King
2024-07-31 16:23 ` Junio C Hamano
2024-07-31 22:08 ` Junio C Hamano
2024-08-01 6:14 ` Jeff King
2024-08-01 14:59 ` Junio C Hamano [this message]
2024-08-01 21:26 ` brian m. carlson
2024-08-01 21:52 ` Junio C Hamano
2024-08-05 9:47 ` Jeff King
2024-08-05 15:34 ` W. Michael Petullo
2024-08-05 15:49 ` Junio C Hamano
2024-08-01 6:08 ` Jeff King
2024-07-31 7:19 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqbk2cxp98.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=Johannes.Schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=mike@flyn.org \
--cc=peff@peff.net \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.