From: Phillip Wood <phillip.wood123@gmail.com>
To: "Carlo Marcelo Arenas Belón" <carenas@gmail.com>, git@vger.kernel.org
Cc: Johannes.Schindelin@gmx.de, junio@pobox.com
Subject: Re: [PATCH v2] setup: tighten ownership checks post CVE-2022-24765
Date: Thu, 5 May 2022 13:04:21 +0100 [thread overview]
Message-ID: <5d7ace7c-17d3-591d-6cca-ba5223449609@gmail.com> (raw)
In-Reply-To: <41ec8c09-f31f-46ce-d6ec-4b6fdd78228a@gmail.com>
On 05/05/2022 10:40, Phillip Wood wrote:
> [...]
>> To avoid that, extend the ensure_valid_ownership function to be able to
>> check for ownership of both the worktree and the gitdir, and use that for
>> non bare repositories.
>
> Looking at the code below it now only ever checks the ownership of the
> gitdir, it no longer checks the ownership of the worktree. I haven't
> really thought through what happens if I cd into a worktree added by an
> attacker to a repository that I own which has extentions.worktreeConfig
> set. My initial thought is that if they can add a worktree then they can
> probably edit the repository config anyway but I wonder if an attacker
> can set GIT_COMMON_DIR to a directory where they have write permission
> to add a worktree to a repository where they don't have write permission.
Thinking about this some more, I don't think setting GIT_COMMON_DIR
while running "git worktree add" will help an attacker as the worktree's
gitdir is created under the main gitdir. I've had a bit of a think and
I've not been able to come up with a senario where GIT_DIR and
GIT_COMMON_DIR have different owners that is exploitable but it might be
worth someone else checking I've not missed something.
Best Wishes
Phillip
next prev parent reply other threads:[~2022-05-05 12:04 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20220504184401.17438-1-carenas@gmail.com>
2022-05-05 0:50 ` [PATCH v2] setup: tighten ownership checks post CVE-2022-24765 Carlo Marcelo Arenas Belón
2022-05-05 9:40 ` Phillip Wood
2022-05-05 12:04 ` Phillip Wood [this message]
2022-05-05 13:14 ` Derrick Stolee
2022-05-05 13:58 ` Derrick Stolee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5d7ace7c-17d3-591d-6cca-ba5223449609@gmail.com \
--to=phillip.wood123@gmail.com \
--cc=Johannes.Schindelin@gmx.de \
--cc=carenas@gmail.com \
--cc=git@vger.kernel.org \
--cc=junio@pobox.com \
--cc=phillip.wood@dunelm.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).