Re: odb_mkstemp's 0444 permission broke write/delete access on AFP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I don’t see the issue for the owner of his/her own file to have write access.
Setting tmp idx & pack files to read-only even for the file owner is not a safety feature.

The real issue here is that in AFP file system can’t even unlink or rename or delete the tmp idx and pack file with no write access after it done, while other file system like ext4,hfs+, etc can.

You should at least give the user the option to set the permission in the config file and not hardcoded the permission in the binary.

Regards,
Fairuzan


> On Feb 17, 2015, at 2:23 AM, Matthieu Moy <Matthieu.Moy@xxxxxxxxxxxxxxx> wrote:
> 
> Fairuzan Roslan <fairuzan.roslan@xxxxxxxxx> writes:
> 
>> Hi,
>> 
>> Somehow the “int mode = 0444;” in odb_mkstemp (environment.c) are
>> causing a lot of issues (unable to unlink/write/rename) to those
>> people who use AFP shares.
> 
> Is it a problem when using Git (like "git gc" failing to remove old
> packs), or when trying to remove files outside Git?
> 
>> The issue was first introduced in
>> https://github.com/git/git/blob/f80c7ae8fe9c0f3ce93c96a2dccaba34e456e33a/wrapper.c
>> line 284.
> 
> I don't think so. The code before this commit did essentially a chmod
> 444 on the file, so object files were already read-only before.
> 
> The pack files have been read-only since d83c9af5c6a437ddaa9dd27 (Junio,
> Apr 22 2007).
> 
>> To fix these issues the permission need to be adjusted to “int mode =
>> 0644;” in odb_mkstemp (environment.c)
> 
> The issue is that having object and pack files read-only on the
> filesystem is a safety feature to prevent accidental modifications (even
> though it's actually not that effective, since brute-force "sed -i" or
> "perl -i" still accept to modify read-only files).
> 
> So, I'd be a bit reluctant to remove this safety feature for all users
> if it's only for the benefit of a minority of users. Not that I think
> the problem shouldn't be fixed, but I'd rather investigate alternate
> solutions before using this mode = 0644.
> 
> --
> Matthieu Moy
> http://www-verimag.imag.fr/~moy/

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail


[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]