git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Junio C Hamano <gitster@pobox.com>
To: git@vger.kernel.org
Cc: Petr Baudis <pasky@suse.cz>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	"Shawn O. Pearce" <spearce@spearce.org>,
	Johannes Schindelin <Johannes.Schindelin@gmx.de>
Subject: Not going beyond symbolic links
Date: Mon, 04 Aug 2008 00:49:02 -0700	[thread overview]
Message-ID: <7vej5543v5.fsf_-_@gitster.siamese.dyndns.org> (raw)
In-Reply-To: <7v8wvpm9cl.fsf@gitster.siamese.dyndns.org> (Junio C. Hamano's message of "Fri, 25 Jul 2008 23:46:02 -0700")

Junio C Hamano <gitster@pobox.com> writes:

> A symlink to us is just a different kind of blob, and by definition a blob
> is the leaf level of a tree structure that represents the working tree in
> the index. There won't be anything hanging below it, and when adding
> things to the index we should not dereference the symlink to see where it
> leads to.
>
> Traditionally we have been loose about this check, and the normal "git
> add" and "git update-index" codepath is still forever broken, and we
> allow:
>
>       $ mkdir dir
>       $ >dir/file
>       $ ln -s dir symlink
>       $ git add symlink/file
>
> but some codepaths that matter more (because they do larger damage
> unattended, as opposed to the above command sequence that can be avoided
> by user education a bit more easily), such as "git apply" and "git
> read-tree", have been corrected using has_symlink_leading_path() since mid
> 2007.  We would need to follow through c40641b (Optimize symlink/directory
> detection, 2008-05-09) and further fix "git add" and "git update-index"
> codepaths to forbid the above command sequence.

I started to revisit this issue and patched "git update-index --add"
and "git add" so far.  Patches follow.

I think we should also check the following and fix them if any of them is
broken.  Under the same "dir/file exists but symlink points at dir"
scenario:

 * "git rm symlink/file" --- should fail without removing dir/file;

 * "git ls-tree $commit -- symlink/file" should *not* fail if $commit does
   have "symlink/file" in it (iow, we cannot add the logic to get_pathspec());

 * "git ls-files --exclude-standard -o -- symlink/file" should not talk
   about "symlink/file".

If we reword the paragraph I quoted at the beginning of this message
slightly:

	A gitlink to is is just a leaf level of a tree structure that
	represents the working tree in the index.  There won't be anything
	hanging below it.

We would need a similar check to stop at module boundary, just like the
helper function we use for these patches, has_symlink_leading_path(),
stops at a symlink.

So without further ado...

  parent reply	other threads:[~2008-08-04  7:51 UTC|newest]

Thread overview: 56+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-07-16 19:11 [RFC][PATCH 0/7] Submodule support in git mv, git rm Petr Baudis
2008-07-16 19:11 ` [PATCH 1/7] git-mv: Remove dead code branch Petr Baudis
2008-07-16 19:11 ` [PATCH 2/7] t7400: Add short "git submodule add" testsuite Petr Baudis
2008-07-16 19:11 ` [PATCH 3/7] git submodule add: Fix naming clash handling Petr Baudis
2008-07-16 19:11 ` [PATCH 4/7] submodule.*: Introduce simple C interface for submodule lookup by path Petr Baudis
2008-07-16 19:11 ` [PATCH 5/7] git mv: Support moving submodules Petr Baudis
2008-07-17  2:37   ` Junio C Hamano
2008-07-17 13:06     ` Petr Baudis
2008-07-17 22:31       ` [PATCH] git-mv: Keep moved index entries inact Petr Baudis
2008-07-17 22:34         ` [PATCH] git mv: Support moving submodules Petr Baudis
2008-07-19 23:54         ` [PATCH] git-mv: Keep moved index entries inact Junio C Hamano
2008-07-21  0:23           ` Petr Baudis
2008-07-21  0:25             ` [PATCHv2] " Petr Baudis
2008-07-21  4:36               ` Junio C Hamano
2008-07-26  6:46               ` Junio C Hamano
2008-07-27 13:41                 ` Petr Baudis
2008-07-27 13:47                   ` [PATCH] t/t7001-mv.sh: Propose ability to use git-mv on conflicting entries Petr Baudis
2008-07-28  1:13                     ` Junio C Hamano
2008-07-28  1:21                       ` Junio C Hamano
2008-07-28 14:20                 ` [PATCHv2] git-mv: Keep moved index entries inact SZEDER Gábor
2008-07-28 15:06                   ` Johannes Schindelin
2008-07-28 15:14                     ` Johannes Schindelin
2008-07-28 18:24                       ` Johannes Schindelin
2008-07-28 19:19                     ` Junio C Hamano
2008-07-28 23:41                       ` Johannes Schindelin
2008-07-28 23:55                         ` Johannes Schindelin
2008-07-29  0:17                       ` Petr Baudis
2008-07-29  0:46                         ` Junio C Hamano
2008-07-29  5:23                           ` Junio C Hamano
2008-08-04  7:49                 ` Junio C Hamano [this message]
2008-08-04  7:51                   ` [PATCH 1/2] update-index: refuse to add working tree items beyond symlinks Junio C Hamano
2008-08-04  7:52                   ` [PATCH 2/2] add: " Junio C Hamano
2008-08-05  0:21                   ` Not going beyond symbolic links Linus Torvalds
2008-08-05  0:54                     ` Junio C Hamano
2008-08-05  1:43                       ` Linus Torvalds
2008-08-05  1:59                         ` Johannes Schindelin
2008-08-05  2:28                           ` Linus Torvalds
2008-08-05  6:11                             ` Junio C Hamano
2008-08-05 12:54                               ` Dmitry Potapov
2008-08-05 23:57                                 ` Junio C Hamano
2008-08-05 17:15                               ` Linus Torvalds
2008-08-05  4:44                           ` Junio C Hamano
2008-08-05 11:23                             ` Johannes Schindelin
2008-08-05  3:01                         ` Junio C Hamano
2008-08-05  3:04                           ` david
2008-08-07  6:52                     ` Junio C Hamano
2008-08-08 20:55                       ` Junio C Hamano
2008-08-08 23:45                         ` Linus Torvalds
2008-07-21  1:20             ` [PATCH] git-mv: Keep moved index entries inact Johannes Schindelin
2008-07-21  7:18               ` Petr Baudis
2008-07-21  7:38                 ` Junio C Hamano
2008-07-16 19:11 ` [PATCH 6/7] git rm: Support for removing submodules Petr Baudis
2008-07-16 22:41   ` Johannes Schindelin
2008-07-17 12:35     ` Petr Baudis
2008-07-17 12:59       ` Johannes Schindelin
2008-07-16 19:11 ` [PATCH 7/7] t7403: Submodule git mv, git rm testsuite Petr Baudis

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7vej5543v5.fsf_-_@gitster.siamese.dyndns.org \
    --to=gitster@pobox.com \
    --cc=Johannes.Schindelin@gmx.de \
    --cc=git@vger.kernel.org \
    --cc=pasky@suse.cz \
    --cc=spearce@spearce.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).