Re: [PATCH 1/2] Documentation: explain how safe.directory works when running under sudo

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Apr 27, 2022 at 10:17 PM Junio C Hamano <gitster@xxxxxxxxx> wrote:
> Carlo Marcelo Arenas Belón  <carenas@xxxxxxxxx> writes:
> > diff --git a/Documentation/config/safe.txt b/Documentation/config/safe.txt
> > index 6d764fe0ccf..67f8ef5d766 100644
> > --- a/Documentation/config/safe.txt
> > +++ b/Documentation/config/safe.txt
> > @@ -26,3 +26,11 @@ directory was listed in the `safe.directory` list. If `safe.directory=*`
> >  is set in system config and you want to re-enable this protection, then
> >  initialize your list with an empty value before listing the repositories
> >  that you deem safe.
> > ++
> > +When git tries to check for ownership of git repositories it will obviously
>
> Comma before "it will obviously".

Obviously my whole paragraph could be improved further, do you want
a reroll with this fix, or would instead fixup locally?

> > +use the user that is being used to run git itself, but if git is running

"use the user that is being used", is something my high school grammar
teacher would label as a "cacophony", so feel free to provide an
alternative as well there.

> > +as root, it will first check if it might had been started through `sudo`,
> > +and if that is the case, will use the user id that invoked sudo instead.
>
> This raises a design question.  In a repository is owned by root,
> shouldn't "sudo git describe" work?  IOW, I am wondering if the
> "instead" at the end of the description is what we want, or if we
> want to check both the original user and "root".

I think it makes sense to have both, and your implementation below
seems like a good way to do it but it might not be as safe as it
seems, since sometimes directories owned by root might be also world
writable and therefore not necessarily safe.

This is obviously not directly related to this code, but the original
issue as reported in Windows for the original CVE could be traced back
to the default policy to allow any authenticated user to write in the
root directory.

Carlo




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux