From: Junio C Hamano <gitster@pobox.com>
To: Carlo Arenas <carenas@gmail.com>
Cc: git@vger.kernel.org, bagasdotme@gmail.com,
phillip.wood123@gmail.com, Johannes.Schindelin@gmx.de,
"Guy Maurel" <guy.j@maurel.de>,
"SZEDER Gábor" <szeder.dev@gmail.com>,
"Randall Becker" <rsbecker@nexbridge.com>
Subject: Re: [PATCH v4 2/3] git-compat-util: avoid failing dir ownership checks if running privileged
Date: Wed, 11 May 2022 07:58:24 -0700 [thread overview]
Message-ID: <xmqqtu9wm7zj.fsf@gitster.g> (raw)
In-Reply-To: <CAPUEspiDeDm1p==H+yNq-s1cNyCyo8qOdqE20d7F4MVBi0thHw@mail.gmail.com> (Carlo Arenas's message of "Wed, 11 May 2022 00:34:02 -0700")
Carlo Arenas <carenas@gmail.com> writes:
>> Does Windows provide sudo that leaves the original user in SUDO_UID
>> (I doubt it)? If not, then "on a platform that provides sudo, it will"
>> would be sufficient.
>
> At least my windows box does not, but dscho's somehow had and so that
> line was added at his request[1] after he wasted so much time trying
> to get this to work and realized the function where SUDO_UID logic
> resides doesn't even exist in a Windows build.
Ahh, of course.
I forgot that this patch sent into is_path_owned_by_current_uid(),
as a UID as a value of some integer type is not a thing on Windows.
OK, so it does need to be as you wrote to mean "not on Windows, and
with 'sudo' that uses 'SUDO_UID' to record from whom 'root' came".
OK.
>> > + * In the unlikely scenario this happened to you, and that is how you
>> > + * got to this message, we would like to know about it by letting us
>> > + * now with an email to git@vger.kernel.org indicating which platform,
>> > + * you are running on and which version of sudo you used to see if we
>> > + * can provide you a patch that would prevent this issue in the future.
>>
>> Nice. What message does the reporter see?
>
> when using `sudo git status` a rejection of access to the directory they own
It may have been obvious to who wrote the above comment, but it was
not, at least to me.
>> > + */
>> > +static inline void extract_id_from_env(const char *env, uid_t *id)
>> > +{
>> > + const char *real_uid = getenv(env);
>> > +
>> > + /* discard anything empty to avoid a more complex check below */
>> > + if (real_uid && *real_uid) {
>> > + char *endptr = NULL;
>> > + unsigned long env_id;
>> > +
>> > + errno = 0;
>> > + /* silent overflow errors could trigger a bug below */
>>
>> What "bug" are we referring to?
>
> All of them, the ones we decided to ignore because they are irrelevant
> when running as root, and the ones that are documented in the long
> paragraph above.
Likewise. It did not click "a bug below" referred to "your sudo is
behaving in a way different from what we expected".
Thanks.
next prev parent reply other threads:[~2022-05-11 14:59 UTC|newest]
Thread overview: 170+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-26 18:31 [RFC PATCH] git-compat-util: avoid failing dir ownership checks if running priviledged Carlo Marcelo Arenas Belón
2022-04-26 19:48 ` Derrick Stolee
2022-04-26 19:56 ` Junio C Hamano
2022-04-26 20:10 ` rsbecker
2022-04-26 20:45 ` Carlo Arenas
2022-04-26 21:10 ` Junio C Hamano
2022-04-26 20:12 ` Carlo Arenas
2022-04-26 20:26 ` Carlo Arenas
2022-04-29 16:16 ` Derrick Stolee
2022-04-27 0:05 ` [PATCH] git-compat-util: avoid failing dir ownership checks if running privileged Carlo Marcelo Arenas Belón
2022-04-27 9:33 ` Phillip Wood
2022-04-27 12:30 ` Phillip Wood
2022-04-27 14:15 ` rsbecker
2022-04-27 15:58 ` Carlo Arenas
2022-04-27 16:14 ` Phillip Wood
2022-04-27 18:54 ` Junio C Hamano
2022-04-27 20:59 ` Carlo Arenas
2022-04-27 21:09 ` rsbecker
2022-04-27 21:25 ` Junio C Hamano
2022-04-28 17:56 ` Phillip Wood
2022-04-27 15:38 ` Carlo Arenas
2022-04-27 15:50 ` rsbecker
2022-04-27 16:19 ` Junio C Hamano
2022-04-27 16:45 ` Carlo Arenas
2022-04-27 17:22 ` Phillip Wood
2022-04-27 17:49 ` rsbecker
2022-04-27 17:54 ` Carlo Arenas
2022-04-27 18:05 ` rsbecker
2022-04-27 18:11 ` Carlo Arenas
2022-04-27 18:16 ` rsbecker
2022-04-27 16:31 ` Phillip Wood
2022-04-27 16:54 ` Carlo Arenas
2022-04-27 17:28 ` Phillip Wood
2022-04-27 17:49 ` Carlo Arenas
2022-04-27 22:26 ` [RFC PATCH v2] " Carlo Marcelo Arenas Belón
2022-04-27 22:33 ` Junio C Hamano
2022-04-28 3:35 ` [PATCH 0/2] fix `sudo make install` regression in maint Carlo Marcelo Arenas Belón
2022-04-28 3:35 ` [PATCH 1/2] Documentation: explain how safe.directory works when running under sudo Carlo Marcelo Arenas Belón
2022-04-28 5:17 ` Junio C Hamano
2022-04-28 5:58 ` Carlo Arenas
2022-04-28 6:41 ` Junio C Hamano
2022-04-28 3:35 ` [PATCH 2/2] t: add tests for safe.directory when running with sudo Carlo Marcelo Arenas Belón
2022-04-28 5:34 ` Junio C Hamano
2022-04-28 4:57 ` [PATCH 0/2] fix `sudo make install` regression in maint Junio C Hamano
2022-04-28 10:58 ` [PATCH v2 0/3] " Carlo Marcelo Arenas Belón
2022-04-28 10:58 ` [PATCH v2 1/3] git-compat-util: avoid failing dir ownership checks if running privileged Carlo Marcelo Arenas Belón
2022-04-28 18:02 ` Phillip Wood
2022-04-28 18:57 ` Carlo Arenas
2022-04-28 10:58 ` [PATCH v2 2/3] Documentation: explain how safe.directory works when running under sudo Carlo Marcelo Arenas Belón
2022-04-30 6:17 ` Bagas Sanjaya
2022-04-30 6:39 ` Junio C Hamano
2022-04-30 14:15 ` Carlo Marcelo Arenas Belón
2022-04-28 10:58 ` [PATCH v2 3/3] t: add tests for safe.directory when running with sudo Carlo Marcelo Arenas Belón
2022-04-28 16:55 ` Junio C Hamano
2022-04-28 18:08 ` Phillip Wood
2022-04-28 18:12 ` Junio C Hamano
2022-05-06 17:50 ` Carlo Arenas
2022-05-06 21:43 ` Junio C Hamano
2022-05-06 22:57 ` Carlo Arenas
2022-05-06 23:55 ` Junio C Hamano
2022-05-07 11:57 ` Carlo Marcelo Arenas Belón
2022-04-28 19:53 ` rsbecker
2022-04-28 20:22 ` Carlo Arenas
2022-04-28 20:43 ` rsbecker
2022-04-28 20:51 ` Junio C Hamano
2022-04-28 20:56 ` Carlo Arenas
2022-04-28 21:55 ` rsbecker
2022-04-28 22:21 ` Junio C Hamano
2022-04-28 22:45 ` rsbecker
2022-04-28 20:46 ` Junio C Hamano
2022-04-28 20:32 ` Junio C Hamano
2022-04-28 20:40 ` rsbecker
2022-04-28 20:48 ` Carlo Arenas
2022-04-28 21:02 ` Carlo Arenas
2022-04-28 21:07 ` Junio C Hamano
2022-04-29 1:24 ` Carlo Marcelo Arenas Belón
2022-04-29 18:50 ` Junio C Hamano
2022-04-29 20:05 ` Carlo Marcelo Arenas Belón
2022-05-02 18:39 ` [RFC PATCH v3 0/3] fix `sudo make install` regression in maint Carlo Marcelo Arenas Belón
2022-05-02 18:39 ` [RFC PATCH v3 1/3] t: document regression git safe.directory when using sudo Carlo Marcelo Arenas Belón
2022-05-02 21:35 ` Junio C Hamano
2022-05-02 23:07 ` Carlo Arenas
2022-05-02 18:39 ` [RFC PATCH v3 2/3] git-compat-util: avoid failing dir ownership checks if running privileged Carlo Marcelo Arenas Belón
2022-05-02 18:39 ` [RFC PATCH v3 3/3] t0034: enhance framework to allow testing more commands under sudo Carlo Marcelo Arenas Belón
2022-05-02 22:10 ` Junio C Hamano
2022-05-03 0:00 ` Carlo Arenas
2022-05-03 6:54 ` [PATCH v3 0/3] fix `sudo make install` regression in maint Carlo Marcelo Arenas Belón
2022-05-03 6:54 ` [PATCH v3 1/3] t: document regression git safe.directory when using sudo Carlo Marcelo Arenas Belón
2022-05-03 14:03 ` Phillip Wood
2022-05-03 15:56 ` Carlo Marcelo Arenas Belón
2022-05-04 11:15 ` Phillip Wood
2022-05-04 13:02 ` Carlo Arenas
2022-05-04 14:11 ` Phillip Wood
2022-05-05 13:44 ` Johannes Schindelin
2022-05-05 14:34 ` Phillip Wood
2022-05-05 15:50 ` Junio C Hamano
2022-05-05 18:33 ` Junio C Hamano
2022-05-05 19:39 ` Junio C Hamano
2022-05-06 21:03 ` Carlo Arenas
2022-05-09 8:21 ` Phillip Wood
2022-05-09 14:51 ` Carlo Arenas
2022-05-09 15:18 ` Phillip Wood
2022-05-09 16:01 ` Junio C Hamano
2022-05-09 16:21 ` Carlo Arenas
2022-05-06 17:39 ` Carlo Arenas
2022-05-03 6:54 ` [PATCH v3 2/3] git-compat-util: avoid failing dir ownership checks if running privileged Carlo Marcelo Arenas Belón
2022-05-05 14:01 ` Johannes Schindelin
2022-05-05 14:32 ` Phillip Wood
2022-05-06 19:15 ` Carlo Arenas
2022-05-06 20:00 ` Junio C Hamano
2022-05-06 20:22 ` Carlo Arenas
2022-05-06 20:59 ` Junio C Hamano
2022-05-06 21:40 ` Carlo Arenas
2022-05-06 21:07 ` rsbecker
2022-05-05 16:09 ` Junio C Hamano
2022-05-06 20:02 ` Carlo Arenas
2022-05-03 6:54 ` [PATCH v3 3/3] t0034: enhance framework to allow testing more commands under sudo Carlo Marcelo Arenas Belón
2022-05-03 14:12 ` Phillip Wood
2022-05-03 15:27 ` Junio C Hamano
2022-05-06 16:54 ` Carlo Arenas
2022-05-07 16:35 ` [RFC PATCH v4 0/3] fix `sudo make install` regression in maint Carlo Marcelo Arenas Belón
2022-05-07 16:35 ` [RFC PATCH v4 1/3] t: regression git needs safe.directory when using sudo Carlo Marcelo Arenas Belón
2022-05-07 16:35 ` [RFC PATCH v4 2/3] git-compat-util: avoid failing dir ownership checks if running privileged Carlo Marcelo Arenas Belón
2022-05-07 17:34 ` Junio C Hamano
2022-05-07 18:56 ` Carlo Marcelo Arenas Belón
2022-05-09 16:54 ` Junio C Hamano
2022-05-09 17:36 ` rsbecker
2022-05-09 18:48 ` Carlo Arenas
2022-05-09 19:16 ` rsbecker
2022-05-09 19:41 ` Junio C Hamano
2022-05-07 16:35 ` [RFC PATCH v4 3/3] t0034: add negative tests and allow git init to mostly work under sudo Carlo Marcelo Arenas Belón
2022-05-10 14:17 ` [RFC PATCH v4 0/3] fix `sudo make install` regression in maint Phillip Wood
2022-05-10 15:47 ` Carlo Arenas
2022-05-10 17:46 ` [PATCH " Carlo Marcelo Arenas Belón
2022-05-10 17:46 ` [PATCH v4 1/3] t: regression git needs safe.directory when using sudo Carlo Marcelo Arenas Belón
2022-05-10 22:10 ` Junio C Hamano
2022-05-10 23:11 ` Carlo Arenas
2022-05-10 23:44 ` Junio C Hamano
2022-05-11 0:56 ` Carlo Arenas
2022-05-11 1:11 ` Junio C Hamano
2022-05-10 17:46 ` [PATCH v4 2/3] git-compat-util: avoid failing dir ownership checks if running privileged Carlo Marcelo Arenas Belón
2022-05-10 22:57 ` Junio C Hamano
2022-05-11 7:34 ` Carlo Arenas
2022-05-11 14:58 ` Junio C Hamano [this message]
2022-05-10 17:46 ` [PATCH v4 3/3] t0034: add negative tests and allow git init to mostly work under sudo Carlo Marcelo Arenas Belón
2022-05-10 23:11 ` Junio C Hamano
2022-05-10 23:25 ` Junio C Hamano
2022-05-11 14:04 ` Carlo Arenas
2022-05-11 15:29 ` Junio C Hamano
2022-05-13 1:00 ` [PATCH v5 0/4] fix `sudo make install` regression in maint Carlo Marcelo Arenas Belón
2022-05-13 1:00 ` [PATCH v5 1/4] t: regression git needs safe.directory when using sudo Carlo Marcelo Arenas Belón
2022-06-03 12:12 ` SZEDER Gábor
2022-05-13 1:00 ` [PATCH v5 2/4] git-compat-util: avoid failing dir ownership checks if running privileged Carlo Marcelo Arenas Belón
2022-06-03 11:05 ` SZEDER Gábor
2022-06-03 16:54 ` Junio C Hamano
2022-06-03 17:34 ` SZEDER Gábor
2022-05-13 1:00 ` [PATCH v5 3/4] t0034: add negative tests and allow git init to mostly work under sudo Carlo Marcelo Arenas Belón
2022-05-13 1:20 ` Junio C Hamano
2022-05-14 14:36 ` Carlo Arenas
2022-05-15 16:54 ` Junio C Hamano
2022-05-15 19:21 ` Carlo Arenas
2022-05-16 5:27 ` Junio C Hamano
2022-05-16 13:07 ` Carlo Marcelo Arenas Belón
2022-05-16 16:25 ` Junio C Hamano
2022-05-13 1:00 ` [PATCH v5 4/4] git-compat-util: allow root to access both SUDO_UID and root owned Carlo Marcelo Arenas Belón
2022-06-15 14:02 ` Johannes Schindelin
2022-06-17 14:26 ` Carlo Arenas
2022-06-17 16:00 ` Junio C Hamano
2022-06-17 20:23 ` [PATCH v6] " Carlo Marcelo Arenas Belón
2022-06-17 21:02 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqtu9wm7zj.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=Johannes.Schindelin@gmx.de \
--cc=bagasdotme@gmail.com \
--cc=carenas@gmail.com \
--cc=git@vger.kernel.org \
--cc=guy.j@maurel.de \
--cc=phillip.wood123@gmail.com \
--cc=rsbecker@nexbridge.com \
--cc=szeder.dev@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.