git.vger.kernel.org archive mirror
From: Junio C Hamano <gitster@pobox.com>
To: "Shawn O. Pearce" <spearce@spearce.org>
Cc: git@vger.kernel.org
Subject: Re: git-daemon is insecure?
Date: Sun, 27 Jan 2008 19:00:13 -0800
Message-ID: <7vk5luwt6q.fsf@gitster.siamese.dyndns.org>
In-Reply-To: <20080128001655.GY24004@spearce.org> (Shawn O. Pearce's message of "Sun, 27 Jan 2008 19:16:55 -0500")

"Shawn O. Pearce" <spearce@spearce.org> writes:

> With regards to this patch, yes, you can export your entire $HOME
> and maybe expose things you shouldn't or didn't want to.

That was not what I meant.  git-daemon running as nobody.project
will allow read access to project group's files, and the
whitelisting and --base-path are ways to limit it to files that
are in the repository.  But the process still has the power to
read files outside that can be read by nobody user or project
group; the only thing needed is for git-daemon and whatever it
spawns to have bugs.

But the point is that "power to read files outside" is still
limited to nobody.project, even if there are such bugs to allow
it to escape the whitelist/base-path jail.  It won't extend to
anybody's $HOME.

If you run git-daemon as spearce.spearce, you cannot rely on
that built-in limitation.
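
One way to measure the "power to read files outside" that the message above describes, as an added example that is not part of the original message or of git: the script lists the regular files outside a --base-path directory that a given uid and set of gids can read. The function names are hypothetical, and it assumes classic UNIX mode bits only.

```python
import os
import stat
import sys


def permits(st, uid, gids, want):
    """Classic UNIX mode check: owner bits if the uid matches, else group
    bits, else other bits. `want` is 4 for read, 1 for directory search."""
    if uid == 0:
        return True  # root bypasses mode bits for read and search
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want


def readable_outside(root, base_path, uid, gids):
    """Regular files under `root`, excluding `base_path`, that the identity
    (uid, gids) can read. Mode bits only: ACLs, SELinux/AppArmor and the
    directories above `root` are not considered (assumption)."""
    base = os.path.realpath(base_path)
    found, stack = [], [os.path.realpath(root)]
    while stack:
        directory = stack.pop()
        # A directory the identity cannot search hides everything below it.
        if not permits(os.lstat(directory), uid, gids, 1):
            continue
        try:
            entries = list(os.scandir(directory))
        except OSError:
            continue  # the auditing process itself could not list it
        for entry in entries:
            if entry.path == base or entry.path.startswith(base + os.sep):
                continue  # inside the exported tree: meant to be readable
            st = entry.stat(follow_symlinks=False)  # symlinks are skipped
            if stat.S_ISDIR(st.st_mode):
                stack.append(entry.path)
            elif stat.S_ISREG(st.st_mode) and permits(st, uid, gids, 4):
                found.append(entry.path)
    return sorted(found)


if __name__ == "__main__" and len(sys.argv) == 5:
    # Hypothetical usage: audit.py ROOT BASE_PATH UID GID[,GID...]
    gid_set = {int(g) for g in sys.argv[4].split(",")}
    for path in readable_outside(sys.argv[1], sys.argv[2], int(sys.argv[3]), gid_set):
        print(path)
```

Running it once with the daemon's service uid and gid and once with a login user's uid and gids shows the difference between the two configurations compared in the message.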
