Shared bare repository dubious ownership error after 2.40.1-r0

Shared bare repository dubious ownership error after 2.40.1-r0

[Mike Lodispoto]

Hello,

I use bare shared repositories on Alpine Edge, which have been working 
perfectly until I updated git recently (from 2.38.5-r0 to 2.45.2-r1).

My setup is a git user which owns all repositories (/home/git/*.git). 
Each repository has a group, so the ownership is git:projectname. The 
group has the same permissions as the user (-rw-rw----)

To give access to the repository, I have a user set up for the 
developer, and then I add them to the group. Each repository was 
initialized with 'git init --bare --shared'. In the config file, 
'sharedrepository = 1' is set under [core].

My issue is that somewhere between 2.40.1-r0 and 2.43.4-r0 on the 
server, I start getting the following error on the server with a user in 
the group, and remotely (tried with client version 2.39.2 and 2.45.2) 
through a user in the group:

| $ git pull
| fatal: detected dubious ownership in repository at '/home/git/project.git'
| To add an exception for this directory, call:
|
|         git config --global --add safe.directory /home/git/project.git
| fatal: Could not read from remote repository.
|
| Please make sure you have the correct access rights
| and the repository exists.

When using git 2.40.1-r0 or below, it all works and I get this:

| $ git pull
| Already up to date.

Is there a breaking change I missed that I need to change my 
configuration for?

Thank you,

Michael Lodispoto

Re: Shared bare repository dubious ownership error after 2.40.1-r0

[Colin Stagner]

Mike,

On 7/10/24 18:16, Mike Lodispoto wrote:
> | $ git pull
> | fatal: detected dubious ownership in repository at
This appears to be known behavior introduced as a fix for 
CVE-2024-32004. It appears that the safe.directory restrictions now 
apply to fetch and clone as well. See the release notes for v2.45.1 [1].

You can fix this by adding the path containing your repositories to the 
safe.directory configuration parameter as Git recommends. Whether or not 
you should is another matter—this can expose your devs to attacks from 
other user accounts.

I also have small workgroups that use NFS and other network filesystems 
to share repositories. Are there any plans to make cloning a local 
repository safe?

Colin

References

[1]: <https://lore.kernel.org/git/xmqqv83g4937.fsf@gitster.g/>

Re: Shared bare repository dubious ownership error after 2.40.1-r0

[Ben Zanin]

Mike,

It's a long thread that began with the proposal for a new feature, but
there is some valuable discussion midway down about mitigations that are
already in place for the symptom you're describing, and some good
analysis about the tradeoffs of exercising each one:

https://lore.kernel.org/git/20240626123358.420292-1-flo@geekplace.eu/t/

-- 
	Ben