[BUG] Cannot set safe.directory with command-scoped configuration when cloning


 



With git version 2.45.1 calling "git clone dir1 dir2" fails if dir1 is owned by another user due to the protections for CVE-2024-32004.

According to the documentation I expected to be able to set the safe.directory option with either "-c" or "GIT_CONFIG_" environment variables. From the "safe.directory" documentation:

> This config setting is only respected in protected configuration
> Protected configuration refers to the system, global, and command scopes. 
> Command scope includes both the GIT_CONFIG_ variables and the "-c" flag.

This works for operations like "git status" but not "git clone".

To reproduce, first make a repository with your current user:

$ mkdir repo-1 && cd repo-1 && git init && cd ..
Initialized empty Git repository in /private/tmp/repo-1/.git/

Now clone from "repo-1" using sudo (or any other user account; if using sudo, SUDO_UID needs to be unset):

$ sudo env SUDO_UID= git clone -c 'safe.directory=*' repo-1/ cloned-repo/

Similarly, setting the corresponding environment variables also doesn't work:

$ sudo env SUDO_UID= GIT_CONFIG_COUNT=1 GIT_CONFIG_KEY_0=safe.directory 'GIT_CONFIG_VALUE_0=*' git clone repo-1 cloned-repo

In both cases, the command fails with:

Cloning into 'cloned-repo'...
fatal: detected dubious ownership in repository at '/private/tmp/repo-1//.git'
To add an exception for this directory, call:

	git config --global --add safe.directory /private/tmp/repo-1//.git
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.




