Andreas Ericsson wrote:
> On 04/22/2010 11:42 AM, Jonathan Nieder wrote:
>> [1] I do suspect that in the case of failing enter_repo() or missing
>> git-daemon-export-ok, saying “cannot read the specified repo” would be
>> fine. Most of the time, there is not much value in disclosing a more
>> detailed reason, anyway.
>
> That would make it possible for random attackers to determine whether
> a specific user exists on the system, which is very bad indeed.
I guess I am missing something. How would
(*) $ git clone git://git.example.com/~u/foo
remote: Cannot read the specified repo
tell me whether that user existed on the system? If the daemon gives
the same message for ENOENT, missing git-daemon-export-ok, EPERM, and
so on so I cannot distinguish the cases, then I just don’t see the
problem.
If the daemon failed for some other reason, like a flaky network, I
would see
$ git clone git://git.example.com/~u/foo
fatal: The remote end hung up unexpectedly
So the extra information could still be helpful, without unwanted
information disclosure. In the case (*) I learn definitively that the
address I specified does not represent a repo I have access to, rather
than this being some random, transient unexplained problem.
Thanks for the comment.
Jonathan
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html