On 04/22/2010 12:15 PM, Jonathan Nieder wrote:
> Andreas Ericsson wrote:
>> On 04/22/2010 11:42 AM, Jonathan Nieder wrote:
>
>>> [1] I do suspect that in the case of failing enter_repo() or missing
>>> git-daemon-export-ok, saying “cannot read the specified repo” would be
>>> fine.  Most of the time, there is not much value in disclosing a more
>>> detailed reason, anyway.
>>
>> That would make it possible for random attackers to determine whether
>> a specific user exists on the system, which is very bad indeed.
>
> I guess I am missing something.  How would
>
> (*)     $ git clone git://git.example.com/~u/foo
>         remote: Cannot read the specified repo
>
> tell me whether that user existed on the system?  If the daemon gives
> the same message for ENOENT, missing git-daemon-export-ok, EPERM, and
> so on so I cannot distinguish the cases, then I just don’t see the
> problem.
>
> If the daemon failed for some other reason, like a flaky network, I
> would see
>
>         $ git clone git://git.example.com/~u/foo
>         fatal: The remote end hung up unexpectedly
>
> So the extra information could still be helpful, without unwanted
> information disclosure.  In the case (*) I learn definitively that the
> address I specified does not represent a repo I have access to, rather
> than this being some random, transient unexplained problem.
>

So that would be the new error message for everything that fails, then?

One big reason why I'm not bothered with running the git-daemon on a
public server is that it's very simple. If something goes wrong, it
dies without fiddling about.

How would it benefit you if it said "fatal: Something went wrong, but I
didn't crash" instead of just hanging up? If you have the wrong repo
address, you'd still have to check up with whoever gave it to you to get
it right. If it *does* crash, you'd still have to get hold of the server
admin to tell him that it has crashed.

A minor patch to git-fetch, updating the error message with a few possible
reasons would be far better. I don't care about it myself, but I'm sure
such a patch would be a lot easier to get into git.git than something that
adds a lot of complexity to the git daemon.

-- 
Andreas Ericsson                   andreas.ericsson@xxxxxx
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.
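
Added example, not part of the thread and not git-daemon source: a C sketch of the behaviour discussed in the quoted text, where a missing path and a missing git-daemon-export-ok both yield the same client-visible line while the specific cause is kept for the server log only. The function names, the scratch directory and the log strings are assumptions made for the illustration.

```c
/* Added illustration, not git-daemon source; all names are hypothetical. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define CLIENT_MSG "Cannot read the specified repo"

/* Returns NULL if the repo may be served. Otherwise returns the one line the
 * client may see; the specific cause goes to `reason` for the server log. */
static const char *check_export(const char *dir, char *reason, size_t n)
{
	char marker[4096];
	struct stat st;

	if (stat(dir, &st) < 0) {	/* ENOENT, EACCES, ... all look alike */
		snprintf(reason, n, "%s: %s", dir, strerror(errno));
		return CLIENT_MSG;
	}
	snprintf(marker, sizeof(marker), "%s/git-daemon-export-ok", dir);
	if (access(marker, F_OK) < 0) {
		snprintf(reason, n, "%s: no git-daemon-export-ok", dir);
		return CLIENT_MSG;
	}
	reason[0] = '\0';
	return NULL;
}

/* Constructed demo in a scratch directory: one path that does not exist and
 * one that exists but is not exported. Returns 1 when the client-facing
 * messages are identical while the logged reasons differ. */
static int demo_uniform(void)
{
	char top[] = "/tmp/export-demo-XXXXXX", missing[64], r1[256], r2[256];
	const char *m1, *m2;
	int ok;

	if (!mkdtemp(top))
		return 0;
	snprintf(missing, sizeof(missing), "%s/~u", top);
	m1 = check_export(missing, r1, sizeof(r1));	/* no such path */
	m2 = check_export(top, r2, sizeof(r2));		/* exists, not exported */
	ok = m1 && m2 && !strcmp(m1, m2) && strcmp(r1, r2) != 0;
	rmdir(top);
	return ok;
}

int main(void) { puts(demo_uniform() ? "uniform" : "leak"); return 0; }
```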