Re: [PATCH v2] config: preserve config file permissions on edits

[Johannes Sixt <j.sixt@viscovery.net>]

Am 5/6/2014 2:17, schrieb Eric Wong:
> Users may already store sensitive data such as imap.pass in
> ..git/config; making the file world-readable when "git config"
> is called to edit means their password would be compromised
> on a shared system.
> 
> [v2: updated for section renames, as noted by Junio]
> 
> Signed-off-by: Eric Wong <normalperson@yhbt.net>
> ---
>  config.c               | 16 ++++++++++++++++
>  t/t1300-repo-config.sh | 10 ++++++++++
>  2 files changed, 26 insertions(+)
> 
> diff --git a/config.c b/config.c
> index a30cb5c..c227aa8 100644
> --- a/config.c
> +++ b/config.c
> @@ -1636,6 +1636,13 @@ int git_config_set_multivar_in_file(const char *config_filename,
>  			MAP_PRIVATE, in_fd, 0);
>  		close(in_fd);
>  
> +		if (fchmod(fd, st.st_mode & 07777) < 0) {
> +			error("fchmod on %s failed: %s",
> +				lock->filename, strerror(errno));
> +			ret = CONFIG_NO_WRITE;
> +			goto out_free;
> +		}

This introduces a severe failure in the Windows port because we do not
implement fchmod. Existing fchmod invocations do not check the return
value, and they are only interested in removing the write bits, and we
generally don't care a lot if files remain writable.

I'm not proficient enough to add any ACL fiddling to fchmod that would be
required by the above change, whose purpose is to be strict about
permissions. Nor am I interested (who the heck is sharing a Windows box
anyway? ;-)

Therefore, here's just a work-around patch to keep things going on
Windows. Any opinions from the Windows corner?

--- >8 ---
From: Johannes Sixt <j6t@kdbg.org>
Subject: [PATCH] mingw: turn the always-failing fchmod stub into always-succeeding

A recent change introduced new call sites of fchmod, but these new call
sites check the return value. The test suite can't get past t0001
without a dozen or so failures.

Just fake that the call was successful even though it did nothing.

Signed-off-by: Johannes Sixt <j6t@kdbg.org>
---
 compat/mingw.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/compat/mingw.h b/compat/mingw.h
index c3859cc..7b2455c 100644
--- a/compat/mingw.h
+++ b/compat/mingw.h
@@ -89,7 +89,7 @@ static inline int readlink(const char *path, char *buf, size_t bufsiz)
 static inline int symlink(const char *oldpath, const char *newpath)
 { errno = ENOSYS; return -1; }
 static inline int fchmod(int fildes, mode_t mode)
-{ errno = ENOSYS; return -1; }
+{ /* do nothing */ return 0; }
 static inline pid_t fork(void)
 { errno = ENOSYS; return -1; }
 static inline unsigned int alarm(unsigned int seconds)
-- 
2.0.0.rc3.1741.g0520b9e

-- 
-- 
*** Please reply-to-all at all times ***
*** (do not pretend to know who is subscribed and who is not) ***
*** Please avoid top-posting. ***
The msysGit Wiki is here: https://github.com/msysgit/msysgit/wiki - Github accounts are free.

You received this message because you are subscribed to the Google
Groups "msysGit" group.
To post to this group, send email to msysgit@googlegroups.com
To unsubscribe from this group, send email to
msysgit+unsubscribe@googlegroups.com
For more options, and view previous threads, visit this group at
http://groups.google.com/group/msysgit?hl=en_US?hl=en

--- 
You received this message because you are subscribed to the Google Groups "msysGit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to msysgit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.