Re: git-daemon doesn't work as expected in v2.45.1 and friends

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Konstantin Ryabitsev <konstantin@xxxxxxxxxxxxxxxxxxx> writes:

> On Mon, May 20, 2024 at 10:21:23AM GMT, Ondrej Pohorelsky wrote:
>> Is there a way to make git-daemon hosted repositories safe to clone,
>> without specifying in git config? AFAIK this is widely
>> used feature of Git not only by the end users, but also quite a lot of
>> tests rely on it.
> I would say more -- this is very broken and needs to be rolled back. Running
> git-daemon as a different user is the recommended setup for read-only
> deployments.

Is this from f4aa8c8b (fetch/clone: detect dubious ownership of
local repositories, 2024-04-10) where the commit sprinkled a
"protection" meant only for "local clone" to more generic code paths
that are also used by "git daemon" serving a remote clients?  It may
be that the commit was a bit too aggressive and had a blast radius
that is much larger than intended?

I think that 1204e1a8 (builtin/clone: refuse local clones of unsafe
repositories, 2024-04-15), which is a very pointed fix to ensure we
do not "hardlink copy" local repository owned by others for
security, was a good use of die_upon_dubious_ownership() call,

Reverting f4aa8c8b may not be easy to do mechanically, as it
introduces the die_upon_dubious_ownership(), but 1204e1a8 uses an
identical copy of the same function introduced by 8c9c051b (setup.c:
introduce `die_upon_dubious_ownership()`, 2024-04-15), and reverting
f4aa8c8b mechanically out of the merged result in v2.45.1 would
likely to remove the function that is still in use, which would need
to be retained.

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux