On Tue, Feb 17, 2015 at 09:51:38AM +0100, Matthieu Moy wrote: > This should be fixable from Git itself, by replacing the calls to > "unlink" with something like > > int unlink_or_chmod(...) { > if (unlink(...)) { > chmod(...); // give user write permission > return unlink(...); > } > } > > This does not add extra cost in the normal case, and would fix this > particular issue for afp shares. So, I think that would fix the biggest > problem for afp-share users without disturbing others. It seems > reasonable to me to do that unconditionnally. This can have security issues if you're trying to unlink a symlink, as chmod will dereference the symlink but unlink will not. Giving the file owner write permission may not be sufficient, as the user may be a member of a group with write access to the repo. A malicious user who also has access to the repo could force the current user to chmod an arbitrary file such that it had looser permissions. I've seen a case where Perl's ExtUtils::MakeMaker chmoded /etc/mime.types 0666 as a result of this. I don't think there's a secure way to implement this unless you're on an OS with lchmod or fchmodat that supports AT_SYMLINK_NOFOLLOW. Linux is not one of those systems. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Attachment:
signature.asc
Description: Digital signature