From: Sitaram Chamarty <sitaramc@gmail.com>
To: Shawn Pearce <spearce@spearce.org>
Cc: Martin L Resnick <mresnick@bbn.com>,
"R. Tyler Croy" <tyler@monkeypox.org>,
git@vger.kernel.org
Subject: Re: ACLs for GIT
Date: Tue, 17 May 2011 17:38:11 +0530 [thread overview]
Message-ID: <BANLkTimPbQe7DGmR0VvDkU3=ZNjcAu7axw@mail.gmail.com> (raw)
In-Reply-To: <BANLkTi=9vp+ibVa3tQzXbZSeYATKwmF60Q@mail.gmail.com>
On Tue, May 17, 2011 at 7:19 AM, Shawn Pearce <spearce@spearce.org> wrote:
> On Mon, May 16, 2011 at 18:32, Sitaram Chamarty <sitaramc@gmail.com> wrote:
>> PS: Gitolite does have unreleased code to do this but it's a hack with
>> several limitations. Gitolite makes a temp "clone -l", deletes all
>> refs from it that the user has no access to, then redirects the
>> git-upload-pack to that repo instead ;-)
>
> Cute hack. Doesn't prevent the evil client from making an indirect
> reference to something you shouldn't have. :-)
You mean he constructs a commit that references a SHA he should not be
having, pushes that to the branch he is allowed to read/write, then
pulls it down again to now really get that commit?
Yeah, I started writing a hook that looks at `rev-list
oldsha..newsha`, and for each commit run `git branch --contains SHA`
and make sure it either (a) is totally new to the repo, ie no ref
contains this commit or (b) at least one of the refs that contains
this commit is allowed for this user.
I haven't had time to do that though. Also, if there has been a
rewind/force-push and the attacker knows the now unreachable SHA, this
would not catch it (it'd look like a totally new commit). That's a
hard one.
Having two repos is still the best plan ;-)
next prev parent reply other threads:[~2011-05-17 12:08 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-15 19:24 ACLs for GIT Martin L Resnick
2011-05-15 20:15 ` Magnus Bäck
2011-05-16 13:22 ` Martin L Resnick
2011-05-16 15:26 ` Richard Peterson
2011-05-16 15:33 ` Phil Hord
2011-05-16 15:36 ` Martin L Resnick
2011-05-16 16:28 ` Jakub Narebski
2011-05-15 20:16 ` R. Tyler Croy
2011-05-16 13:22 ` Martin L Resnick
2011-05-17 1:32 ` Sitaram Chamarty
2011-05-17 1:49 ` Shawn Pearce
2011-05-17 12:08 ` Sitaram Chamarty [this message]
2011-05-17 14:06 ` Shawn Pearce
2011-05-17 15:41 ` Sitaram Chamarty
2011-05-15 20:28 ` Marc Weber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='BANLkTimPbQe7DGmR0VvDkU3=ZNjcAu7axw@mail.gmail.com' \
--to=sitaramc@gmail.com \
--cc=git@vger.kernel.org \
--cc=mresnick@bbn.com \
--cc=spearce@spearce.org \
--cc=tyler@monkeypox.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).