From: Junio C Hamano <gitster@pobox.com>
To: Kyle Lippincott <spectral@google.com>
Cc: git@vger.kernel.org
Subject: Re: [PATCH 2/2] setup: make bareRepository=explicit work in GIT_DIR of a secondary worktree
Date: Fri, 08 Mar 2024 17:14:42 -0800 [thread overview]
Message-ID: <xmqqttlgdx4t.fsf@gitster.g> (raw)
In-Reply-To: <CAO_smVjD8DFcvveAg2iiWGhtNJGCT1ieAUzJbX3TNNJjm-5rMw@mail.gmail.com> (Kyle Lippincott's message of "Fri, 8 Mar 2024 16:12:07 -0800")
Kyle Lippincott <spectral@google.com> writes:
>> > What loss of security do we have if we don't have as stringent of a
>> > check? i.e. if we just did `return !!strstr(path, "/.git/worktrees/)`?
>>
>> No loss of security.
>
> Then should we just do that?
I do not see what you mean.
> + /* Assumption: `path` points to the root of a $GIT_DIR. */
> static int is_repo_with_working_tree(const char *path)
> {
> - return ends_with_path_components(path, ".git");
> + /* $GIT_DIR immediately below the primary working tree */
> + if (ends_with_path_components(path, ".git"))
> + return 1;
> +
> + /*
> + * Also allow $GIT_DIRs in secondary worktrees.
> + * These do not end in .git, but are still considered safe because
> + * of the .git component in the path.
> + */
> + if (strstr(path, "/.git/worktrees/"))
> + return 1;
> +
> + return 0;
> }
Ah, no. I thought you were asking "goto out" vs "return", and my
answer was about these two. Whether you leave with "goto out" or
"return", it does not change the security posture. Direct return
will raise the risk of leaking resources after careless future
updates to the code.
I didn't get that you do not want to see the other two "sanity
check".
Losing these sanity checks may not lose "security" per-se, but it
may raise the risk of misidentification. A healthy GIT_DIR of a
secondary worktree should satisfy these two extra conditions.
next prev parent reply other threads:[~2024-03-09 1:14 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-20 0:08 [PATCH] setup: allow cwd=.git w/ bareRepository=explicit Kyle Lippincott via GitGitGadget
2024-01-20 22:26 ` Junio C Hamano
2024-01-22 20:50 ` Kyle Lippincott
2024-03-06 17:27 ` Junio C Hamano
2024-03-08 21:19 ` [PATCH 0/2] Loosening safe.bareRepository=explicit even further Junio C Hamano
2024-03-08 21:19 ` [PATCH 1/2] setup: detect to be in $GIT_DIR with a new helper Junio C Hamano
2024-03-08 21:19 ` [PATCH 2/2] setup: make bareRepository=explicit work in GIT_DIR of a secondary worktree Junio C Hamano
2024-03-08 22:30 ` Junio C Hamano
2024-03-08 23:10 ` Kyle Lippincott
2024-03-08 23:32 ` Junio C Hamano
2024-03-09 0:12 ` Kyle Lippincott
2024-03-09 1:14 ` Junio C Hamano [this message]
2024-03-09 3:20 ` Kyle Meyer
2024-03-09 5:53 ` Junio C Hamano
2024-03-09 23:27 ` [PATCH v2] setup: notice more types of implicit bare repositories Junio C Hamano
2024-03-11 19:23 ` Kyle Lippincott
2024-03-11 21:02 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqttlgdx4t.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=spectral@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).