Re: [PATCH 0/7] forbidding symlinked .gitattributes and .gitignore

On Mon, Oct 05, 2020 at 12:32:02AM -0700, Jonathan Nieder wrote:

> Jeff King wrote:
> 
> > About 2 years ago as part of a security release we made it illegal to
> > have a symlinked .gitmodules file (refusing it both in the index and via
> > fsck). At the time we discussed (on the security list) outlawing
> > symlinks for other .git files in the same way, but we decided not to do
> > so as part of the security release, as it wasn't strictly necessary.
> >
> > We publicly revisited the topic in:
> >
> >   https://lore.kernel.org/git/20190114230902.GG162110@xxxxxxxxxx/
> >
> > but there were a few fixes needed, and it got forgotten. So here it is
> > again, with those fixes:
> 
> Oh!  I'm excited --- at $DAYJOB we've been carrying that patch since
> then; I'll be happy to drop it. :)

Part of my ulterior motive is that we've been carrying a patch at GitHub
to pass O_NOFOLLOW when opening in-tree attributes and ignore files
(which we don't normally do on our servers, but do for things like
GitHub Pages). But I think O_NOFOLLOW isn't perfectly portable (despite
being in POSIX), and the patch is rather invasive.

I also looked at one point into preventing just out-of-tree symlinks.
That helps with out-of-repo reads, but it doesn't change the fact that
in-index reads of symlinks are broken. We _could_ change that with a lot
of work, but I don't think anybody cares enough about the feature to do
so.

-Peff
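
The O_NOFOLLOW approach mentioned in the message above, sketched as an added example; it is not part of the original post and is not the GitHub or Git patch. The function name `open_nofollow`, the lstat/fstat fallback for platforms without the flag, and the temporary file names are assumptions made for illustration, and the check covers only the final path component.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open read-only, refusing a symlink as the final path component. */
int open_nofollow(const char *path)
{
#ifdef O_NOFOLLOW
	return open(path, O_RDONLY | O_NOFOLLOW); /* fails (ELOOP on Linux) on a symlink */
#else
	/* Assumed fallback: lstat, open, then check the fd is the inode we inspected. */
	struct stat before, after;
	int fd;
	if (lstat(path, &before) < 0) return -1;
	if (S_ISLNK(before.st_mode)) { errno = ELOOP; return -1; }
	if ((fd = open(path, O_RDONLY)) < 0) return -1;
	if (fstat(fd, &after) < 0 || before.st_dev != after.st_dev ||
	    before.st_ino != after.st_ino) {
		close(fd); /* path was swapped between lstat and open */
		errno = ELOOP;
		return -1;
	}
	return fd;
#endif
}

/* Constructed demo: bit 0 = regular file opened, bit 1 = symlink refused. */
int demo(void)
{
	char dir[] = "/tmp/nofollow-XXXXXX", real[64], lnk[64];
	int fd, result = 0;
	if (!mkdtemp(dir)) return -1;
	snprintf(real, sizeof(real), "%s/attrs.real", dir);
	snprintf(lnk, sizeof(lnk), "%s/.gitattributes", dir);
	fd = open(real, O_WRONLY | O_CREAT, 0600);
	if (fd < 0 || close(fd) < 0 || symlink(real, lnk) < 0) return -1;
	if ((fd = open_nofollow(real)) >= 0) { result |= 1; close(fd); }
	if (open_nofollow(lnk) < 0) result |= 2;
	unlink(lnk); unlink(real); rmdir(dir);
	return result;
}

int main(void) { return demo() == 3 ? 0 : 1; }
```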
