From: Andreas Ericsson <ae@op5.se>
To: Jose Luis Rivas Contreras <ghostbar38@gmail.com>
Cc: git@vger.kernel.org
Subject: Re: git-daemon whitelist issue
Date: Mon, 26 May 2008 11:06:11 +0200 [thread overview]
Message-ID: <483A7D83.2000501@op5.se> (raw)
In-Reply-To: <4838208A.6020205@gmail.com>
Jose Luis Rivas Contreras wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> [Please CC me, I'm not subscribed]
>
> Hi, I know this will be a dummy question but I cannot find how to solve
> this trying in several ways but none of them work. The issue is that
> when I try to clone I get:
>
> May 24 09:25:39 jooga git-daemon: [14724]
> '/home/repo/git/xscreensaver.git': not in whitelist
>
> My git-daemon conf is this:
> 8< -----
> service git
> {
> disable = no
> type = UNLISTED
> socket_type = stream
> protocol = tcp
> user = nobody
> wait = no
> server = /usr/bin/git-daemon
> server_args = --inetd --export-all
> }
> 8< -----
>
> I've tried with `--inetd --export-all /home/repo/git', `--inetd
> - --export-all --base-path=/home/repo/git /home/repo/git', with
> interpolated to with a symlink but nothing works, I'm trying with:
>
Specifying a symlinked path won't work. git-daemon (being of the
one-shot-fork school of programs) simply does a chdir() to the
requested directory and then getcwd(), which will never consider
symlinks. This is a security feature, since directory recursion
attacks will never ever work.
> git clone git://repo.ghostbar.ath.cx/home/repo/git/xscreensaver.git noseless
>
When you specify base-path, you tell git-daemon to prepend the
base-path to the directory the user requests.
Start git-daemon like this:
git-daemon --base-path=/home/repo/git --export-all
then do
git clone git://repo.ghostbar.ath.cx/xscreensaver.git
and it should work, assuming /home/repo/git/xscreensaver.git
has no symlinks in it.
--
Andreas Ericsson andreas.ericsson@op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
prev parent reply other threads:[~2008-05-26 9:07 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-24 14:04 git-daemon whitelist issue Jose Luis Rivas Contreras
2008-05-26 9:06 ` Andreas Ericsson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=483A7D83.2000501@op5.se \
--to=ae@op5.se \
--cc=ghostbar38@gmail.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).