From: Junio C Hamano <gitster@pobox.com>
To: git@vger.kernel.org
Cc: Ondrej Pohorelsky <opohorel@redhat.com>,
Johannes Schindelin <Johannes.Schindelin@gmx.de>,
Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Subject: Re: git-daemon doesn't work as expected in v2.45.1 and friends
Date: Tue, 21 May 2024 13:40:46 -0700
Message-ID: <xmqq7cfmaofl.fsf@gitster.g>
In-Reply-To: <xmqq5xv7chud.fsf@gitster.g> (Junio C. Hamano's message of "Tue, 21 May 2024 08:20:10 -0700")
Junio C Hamano <gitster@pobox.com> writes:
> Reverting f4aa8c8b may not be easy to do mechanically, as it
> introduces the die_upon_dubious_ownership(), but 1204e1a8 uses an
> identical copy of the same function introduced by 8c9c051b (setup.c:
> introduce `die_upon_dubious_ownership()`, 2024-04-15), and reverting
> f4aa8c8b mechanically out of the merged result in v2.45.1 would
> likely remove the function that is still in use, which would need
> to be retained.
Well the result can be seen at
https://lore.kernel.org/git/20240521195659.870714-1-gitster@pobox.com/
but I am inclined to say that its [12/12] (partial reversion of
f4aa8c8b) is highly questionable, after thinking about it a bit
more. It is true that you can run git-daemon as 'nobody', let it
peek into repositories owned by real users, feeling safe that
'nobody' would not be able to harm these repositories at all.
But unless this is a tightly controlled hosting environment where no
repository owned by "real users" has malicious hooks and config
files, a "real user" could attack "nobody", and the safe.directory
mechanism that is over-aggressive in denying things may alleviate the
problem. At places like k.org where the repository data including
its hooks and configuration files are trusted, setting up the
configuration safe.directory in the ~nobody/.gitconfig to cover the
real user repositories would probably be a simple enough workaround.
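
An added example, not part of the original message and not Git project code: a sketch of the safe.directory workaround described above that lists a repository in the `[safe]` section only when it has no enabled hooks and its config does not mention hooksPath. The function names are hypothetical, and these two checks are an assumed review signal, not a complete audit of a repository's configuration.

```shell
#!/bin/sh
# Added example: build a [safe] section for the daemon account's gitconfig,
# skipping repositories that should be reviewed by hand first.
# Function names are hypothetical; the checks are one assumed review signal.

# Print the reasons a repository needs review before it is trusted.
review_reasons() {
    repo=$1
    # Handle both non-bare (repo/.git) and bare (repo itself) layouts.
    if [ -d "$repo/.git" ]; then gitdir=$repo/.git; else gitdir=$repo; fi
    for h in "$gitdir"/hooks/*; do
        # Only executable regular files are hooks that could run.
        [ -f "$h" ] && [ -x "$h" ] || continue
        # The *.sample templates are never run under that name.
        case $h in *.sample) continue ;; esac
        printf 'enabled hook: %s\n' "$h"
    done
    # core.hooksPath can point hooks at a directory outside the repository.
    if grep -qi 'hookspath' "$gitdir/config" 2>/dev/null; then
        printf 'config mentions hooksPath: %s\n' "$gitdir/config"
    fi
}

# Write a [safe] section to stdout for repositories with nothing to review;
# report the others on stderr.
safe_directory_section() {
    printf '[safe]\n'
    for repo in "$@"; do
        reasons=$(review_reasons "$repo")
        if [ -n "$reasons" ]; then
            printf 'review before trusting %s:\n%s\n' "$repo" "$reasons" >&2
        else
            printf '\tdirectory = %s\n' "$repo"
        fi
    done
}

# Stand-alone use: pass repository paths as arguments.
if [ "$#" -gt 0 ]; then
    safe_directory_section "$@"
fi
```

The standard output is meant to be appended to the daemon account's `~/.gitconfig` once the repositories reported on stderr have been reviewed.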