Re: [PATCH v2 0/8] Some object db protection when add_submodule_odb is used

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Apr 30, 2013 at 3:43 PM, Thomas Rast <trast@xxxxxxxxxxx> wrote:
> Nguyễn Thái Ngọc Duy <pclouds@xxxxxxxxx> writes:
>
>> The idea behind this series is, after add_submodule_odb, odb may have
>> new temporary objects that only appear after the call. These temporary
>> objects may lead to repo corruption (e.g. some new objects are created
>> and point to these temporary objects). This series attempts to catch
>> those cases. It would make it safer to dig deeper into submodule's odb,
>> e.g. to implement unified git-diff.
>>
>> Previous approach [1] is record the odb source, then check if the
>> source is from submodule's odb. But that means we rely on the
>> lookup order in sha1_file.c. This approach instead allows the caller
>> to select what odb sources it wants to look up from.
>>
>> The checks are also less drastic than before. Checks are now done at
>> higher level, e.g. commit_tree(), instead of at write_sha1_file,
>> because we do allow to write objects that point to nowhere.
>>
>> Another new thing from previous round is I completely forbid the use
>> of add_submodule_odb in security sensitive commands like index-pack or
>> rev-list. We could loosen up later if we need to.
>>
>> For fun, I set object_database_contaminated to 1 by default and ran
>> the test suite. It passed :)
>
> How does this interact with alternates set up by the user?  It's not
> immediately obvious from the commit messages (hint hint) or the comments
> near ODB_LOCAL etc.

Room for improvement in the next reroll. Basically objects are put in
the following sources:

 - ODB_CACHED: builtin objects, always exist
 - ODB_LOCAL: objects in $GIT_DIR/objects
 - ODB_ALT: objects from $GIT_DIR/objects/info/alternates
 - and later ODB_EXTALT: objects added by add_submodule_odb()

Many functions now take "origin" as argument. If you pass ODB_ALT, it
will only lookup objects from $GIT_DIR/objects/info/alternates for
example, which might fail if the object does not exist there, or if
it's in a pack and some of the required bases are elsewhere.

By default, everything uses odb_default as the origin, which is
ODB_CACHED|ODB_LOCAL|ODB_ALT (for this patch), so nothing is really
changed regarding alternates setup.
--
Duy
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]