Re: bug: git submodule add in of nested submodule handles relative path wrong

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I'll add Jens, who has deep knowledge of submodules.

On Wed, Mar 2, 2016 at 8:52 AM, Joey Hess <id@xxxxxxxxxx> wrote:
> joey@darkstar:/tmp/empty>git init sub1
> Initialized empty Git repository in /tmp/empty/sub1/.git/
> joey@darkstar:/tmp/empty>git init sub2
> Initialized empty Git repository in /tmp/empty/sub2/.git/
> joey@darkstar:/tmp/empty>cd sub1
> joey@darkstar:/tmp/empty/sub1>date > f1 ; git add f1; git commit -m add -q
> joey@darkstar:/tmp/empty/sub1>cd ..
> joey@darkstar:/tmp/empty>cd sub2
> joey@darkstar:/tmp/empty/sub2>date > f2 ; git add f2; git commit -m add -q
> joey@darkstar:/tmp/empty/sub2>cd ..
> joey@darkstar:/tmp/empty>git init repo
> Initialized empty Git repository in /tmp/empty/repo/.git/
> joey@darkstar:/tmp/empty>cd repo
> joey@darkstar:/tmp/empty/repo>git submodule add ../sub1 1
> Cloning into '1'...
> done.
> joey@darkstar:/tmp/empty/repo>cd 1
> joey@darkstar:/tmp/empty/repo/1>ls
> f1
> joey@darkstar:/tmp/empty/repo/1>git submodule add ../../sub2 2
> fatal: repository '/tmp/sub2' does not exist
> fatal: clone of '/tmp/sub2' into submodule path '2' failed

This happens because inside "git submodule add" as in
any git submodule command you cd to the top level of the superproject
and then there is no proper way to describe where you came from.

Compare to [1], where I poke around with submodules as well.

[1] http://thread.gmane.org/gmane.comp.version-control.git/287620

>
> Like the bug I filed yesterday, this is caused by git submodule add's
> chdir into .git/modules.

I wonder if we want to take note of "these small annoyances"
in the submodule wiki[2].

[2] https://github.com/jlehmann/git-submod-enhancements/wiki#submodule-related-bugs-to-fix
  I consider Jens wiki one of the best sources for a high level overview
  of what needs to be done, and what is already solved for submodules.
  I linked to this thread from there. (I did not know I had write permission)

Thanks,
Stefan

>
> Workaround is to pass absolute paths to git submodule add.
>
> Note that this could be an exploitable security hole under some unusual
> circumstances. In the example above, any other local user could create a
> /tmp/sub2 containing something nasty, and git would check it out
> accidentially.
>
> git version 2.7.0
>
> --
> see shy jo
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]