RE: [BUG] fatal: transport 'file' not allowed during submodule add

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: <rsbecker@nexbridge.com>
To: "'Jonathan Nieder'" <jrnieder@gmail.com>
Cc: "'Junio C Hamano'" <gitster@pobox.com>,
	"'Taylor Blau'" <me@ttaylorr.com>, <git@vger.kernel.org>
Subject: RE: [BUG] fatal: transport 'file' not allowed during submodule add
Date: Wed, 28 Dec 2022 17:25:00 -0500	[thread overview]
Message-ID: <013501d91b0b$3cd4ceb0$b67e6c10$@nexbridge.com> (raw)
In-Reply-To: <Y6y+zkUsPhknTYH/@google.com>

On December 28, 2022 5:11 PM, Jonathan Nieder wrote:
>Hi Randall,
>
>rsbecker@nexbridge.com wrote:
>> Junio C Hamano wrote:
>
>>> This suspiciously sounds like what a1d4f67c (transport: make
>>> `protocol.file.allow` be "user" by default, 2022-07-29) is doing
deliberately.
>>
>> I have tried using 'git config --local protocol.file.allow always'
>> and/or 'git config --local protocol.allow always' to get past this,
>> without success.
>
>Does `git config --global protocol.file.allow always` do the trick?

I tried git config --local protocol.file.allow always after the initial
clone. This should work but does not.
I also tried git config --global protocol.file.allow always before the
initial clone.  This also did not work.

>>>                                                           Taylor,
>>> does this look like a corner case the 2.30.6 updates forgot to consider?
>
>I think it's the intended effect (preventing file:// submodules), but I
wonder if this
>hints that we'd want that protection to be more targeted.  A file://
submodule (as
>opposed to a bare path without URL
>scheme) wouldn't trigger the "git clone --local" behavior that that commit
>mentions wanting to protect against, so at first glance it would appear to
be no
>more or less dangerous than cloning from a remote repository.
>
>One thing I'd be curious about is whether --local happening automatically
is
>actually worth it nowadays.  "git worktree" does a better job of sharing
with an
>existing local repository, since the sharing continues even after the
worktree has
>been created, after any "git gc" operations, and so on.  Meanwhile, the
distinction
>between file:// and bare paths is subtle enough that I regularly encounter
people
>not being aware of it (for example when wanting a way to test protocol code
>locally and not understanding why a bare-path clone doesn't do that).
Would it be
>more in the spirit of secure defaults to require --local when someone wants
to
>request the hardlinking trick of local clone?

I think the risk of someone hacking a hardlink is less risky than someone
misdirecting a remote site not under a user's direct control.

The tests I did show the same behaviour no matter which combination of the
above. --local appears to be implied, at least there is no apparent
behavioural difference between specifying the argument and not.

--Randall

next prev parent reply	other threads:[~2022-12-28 22:25 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-27 23:00 [BUG] fatal: transport 'file' not allowed during submodule add rsbecker
2022-12-28  3:34 ` Junio C Hamano
2022-12-28 14:42   ` rsbecker
2022-12-28 22:10     ` Jonathan Nieder
2022-12-28 22:25       ` rsbecker [this message]
2022-12-30 21:08       ` Taylor Blau
2022-12-30 21:48         ` rsbecker
2023-01-03  8:57         ` Jeff King
2022-12-30 21:04     ` Taylor Blau
2022-12-30 21:43       ` rsbecker
2022-12-30 23:16       ` rsbecker
2022-12-30 20:15   ` rsbecker

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='013501d91b0b$3cd4ceb0$b67e6c10$@nexbridge.com' \
    --to=rsbecker@nexbridge.com \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    --cc=jrnieder@gmail.com \
    --cc=me@ttaylorr.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).