Re: safe.directory warnings for root-owned repositories

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Caleb White <cdwhite3@pm.me>
To: Michael Orlitzky <michael@orlitzky.com>, git@vger.kernel.org
Subject: Re: safe.directory warnings for root-owned repositories
Date: Thu, 31 Oct 2024 05:38:00 +0000	[thread overview]
Message-ID: <D59QZ1P3KSNB.ZXDHUA5HGC97@pm.me> (raw)
In-Reply-To: <ZyMGKHTnZDQ5JVuo@mertle>

On Wed Oct 30, 2024 at 11:23 PM CDT, Michael Orlitzky wrote:
> If I create a new repository as root,
>
>   $ sudo git init
>   Initialized empty Git repository in /home/mjo/tmp/.git/
>
>   $ ls -alh
>   total 12K
>   drwxr-xr-x  3 mjo  mjo  4.0K 2024-10-31 00:09 .
>   drwxr-x--- 17 mjo  mjo  4.0K 2024-10-31 00:07 ..
>   drwxr-xr-x  6 root root 4.0K 2024-10-31 00:09 .git
>
> and attempt to do anything in it, I get a safe.directory warning:
>
>   $ git status
>   fatal: detected dubious ownership in repository at '/home/mjo/tmp'
>   ...
>
> Does that make sense? In terms of ownership, root:root is as safe as
> it gets.
>
> I'm aware that safe.directory is only scratching the surface of these
> "doing things in a directory that someone else can write to" exploits,
> but within the limited scope of this one feature, root ownership does
> not strike me as particularly dubious.

The dubious ownership check simply reports that the directory is owned by
someone other than the user running the command, with no special handling
for the root user. While the error might not make the most sense in this
context, I'm not sure that it's worth special-casing the root user
(really the user with id = 0 as it might not be named `root`) in the
implementation.

Why would you initialize a repository as `root` in the first place?

Best,
Caleb

next prev parent reply	other threads:[~2024-10-31  5:38 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-10-31  4:23 safe.directory warnings for root-owned repositories Michael Orlitzky
2024-10-31  5:38 ` Caleb White [this message]
2024-10-31 12:15   ` Michael Orlitzky
2024-10-31 20:04     ` Taylor Blau

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=D59QZ1P3KSNB.ZXDHUA5HGC97@pm.me \
    --to=cdwhite3@pm.me \
    --cc=git@vger.kernel.org \
    --cc=michael@orlitzky.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).