On Mon, Apr 25, 2022 at 12:02:45AM -0700, Carlo Marcelo Arenas Belón wrote:
> On Sun, Apr 24, 2022 at 11:39:27PM -0700, Junio C Hamano wrote:
> > Carlo Marcelo Arenas Belón <carenas@xxxxxxxxx> writes:
> >
> > > At that point, though you might as well excempt root from this check
> >
> > But "root" or any higher-valued account is what needs this kind of
> > protection the most, no?
>
> correct, and I didn't meant to excempt root from the protection, but
> from the check that requires that the config file ownership matches.
>
> if the config file is owned by root, we already lost, regardless of what
> uid git is running as.
apologies for my confusing english, hopefully this C is clearer
diff --git a/git-compat-util.h b/git-compat-util.h
index 58fd813bd01..6a385be7d1d 100644
--- a/git-compat-util.h
+++ b/git-compat-util.h
@@ -440,9 +440,19 @@ static inline int git_offset_1st_component(const char *path)
static inline int is_path_owned_by_current_uid(const char *path)
{
struct stat st;
+ uid_t euid;
+
if (lstat(path, &st))
return 0;
- return st.st_uid == geteuid();
+
+ euid = geteuid();
+ if (!euid && st.st_uid && isatty(0)) {
+ struct stat ttyst;
+ if (!stat(ttyname(0), &ttyst))
+ euid = ttyst.st_uid;
+ }
+
+ return st.st_uid == euid;
}
#define is_path_owned_by_current_user is_path_owned_by_current_uid
it uses stdin instead not to fall in the issue that was raised by
Gábor, but I am affraid that it might need to check all stdnandles for
a valid tty to be safe, and it looking even more complex.
Carlo
