Re: Local git server can't serve https until repos owned by http, can't serve ssh unless repos owned by user after 2.45.1

On Mon, Jun 17, 2024 at 11:15:13PM +0200, Michal Suchánek wrote:
> Hello,
> 
> On Mon, Jun 17, 2024 at 11:47:20AM -0700, Junio C Hamano wrote:
> > "David C. Rankin" <drankinatty@xxxxxxxxx> writes:
> > 
> > >   Security enhancements in 2.45.1 have broken the ability to serve git over
> > >   https and ssh from a local git server running Apache. (web server runs
> > >   as http:http on Archlinux)
> > >
> > >   The fix of adding the following to gitconfig (system-wide and
> > >   per-user in ~/.gitconfig) does not solve the problem:
> > >
> > > [safe]
> > > 	directory = *
> > 
> > It is not clear what exactly you meant by "per-user" above, so just to
> > make sure.  Is this set in the global configuration file for the
> > httpd (or whoever Apache runs as) user?
> > 
> > The purpose of the "dubious ownership" thing is to protect the user who
> > runs Git from random repositories with potentially malicious hooks
> > and configuration files, so the user being protected (in this case,
> > whoever Apache runs as) needs to declare "I trust these
> > repositories" in its ~/.gitconfig file.  What the individual owners of
> > the /srv/my-repo.git/ project have in their ~/.gitconfig file does not
> > matter when deciding if Apache trusts these repositories.
> 
> 
> Looks like the semantics of 'dubious ownership' changed recently.
> 
> Distro backport of fixes for CVE-2024-32002 CVE-2024-32004 CVE-2024-32020
> CVE-2024-32021 CVE-2024-32465 to 2.35.3 broke git-daemon. No amount of
> whitelisting makes the 'fixed' git serve the repository.

The same regression exists between 2.45.0 and 2.45.2, which allegedly fixes the
same CVEs.

Looks like downgrading to the gaping-hole version is needed to serve repositories
in general.

Please consider adjusting the fix so that repositories can still be served.

Thanks

Michal

To reproduce:

cat /usr/local/bin/git-ping
#!/bin/sh -e

# Try connecting to one or more remote repository URLs

while true ; do
        git ls-remote -h "$1" >/dev/null
        shift
        [ -n "$1" ] || break
done

mkdir -p /srv/git/some
chown hramrach /srv/git/some
su hramrach -c "git init --bare /srv/git/some/repo.git"
su hramrach -c "touch /srv/git/some/repo.git/git-daemon-export-ok"
version=2.35.3-150300.10.36.1 ; zypper in --oldpackage git-core-$version git-daemon-$version
systemctl start git-daemon.service
git ping git://localhost/some/repo.git
<nothing>

version=2.35.3-150300.10.39.1 ; zypper in --oldpackage git-core-$version git-daemon-$version
systemctl restart git-daemon.service
git ping git://localhost/some/repo.git
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.


systemctl status git-daemon.service
● git-daemon.service - Git Daemon
     Loaded: loaded (/usr/lib/systemd/system/git-daemon.service; disabled; vendor preset: disabled)
     Active: active (running) since Thu 2024-06-06 08:29:28 CEST; 6min ago
   Main PID: 31742 (git)
      Tasks: 2 (limit: 4915)
     CGroup: /system.slice/git-daemon.service
             ├─ 31742 git daemon --reuseaddr --base-path=/srv/git/ --user=git-daemon --group=nogroup
             └─ 31749 /usr/lib/git/git-daemon --reuseaddr --base-path=/srv/git/ --user=git-daemon --group=nogroup

Jun 06 08:29:28 localhost.localdomain systemd[1]: Started Git Daemon.
Jun 06 08:29:39 localhost.localdomain git-daemon[31756]: fatal: detected dubious ownership in repository at '/srv/git//some/repo.git'
Jun 06 08:29:39 localhost.localdomain git-daemon[31756]: To add an exception for this directory, call:
Jun 06 08:29:39 localhost.localdomain git-daemon[31756]:         git config --global --add safe.directory /srv/git//some/repo.git

git config --global --add safe.directory /srv/git//some/repo.git
mv ~/.gitconfig /etc/gitconfig
git ping git://localhost/some/repo.git
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

git config --global --add safe.directory /srv/git/some/repo.git
mv ~/.gitconfig /etc/gitconfig
git ping git://localhost/some/repo.git
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
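A pre-flight check for the setup in this thread, added here as an example and not part of the original mail: for a given service uid (git-daemon, or whatever user Apache runs as) it reports whether the repository directory's owner matches, or whether a safe.directory entry in one of the listed config files covers the path, with paths normalized so the double-slash form from the daemon log compares equal to the typed one. It is a simplified model of git's documented rule, not git's own code (every `directory =` line is assumed to be under `[safe]`, GNU coreutils `stat` is assumed), and it does not reproduce the regression reported above.

```shell
#!/bin/sh
# Pre-flight check for a git service account (git-daemon, or the user Apache
# runs as): under git's documented "dubious ownership" rule, may this uid open
# the repository? Simplified model (an assumption, not git's own code): the
# directory owner must equal the running uid, or a safe.directory entry in a
# config that user reads (/etc/gitconfig, its ~/.gitconfig) must name the
# path or be "*". Assumes GNU coreutils stat.

# Collapse repeated slashes and drop a trailing slash, so the path from the
# daemon log ('/srv/git//some/repo.git') compares equal to the typed one.
normalize_path() {
    printf '%s\n' "$1" | sed -e 's#//*#/#g' -e 's#\(.\)/$#\1#'
}

# Numeric owner uid of a directory.
dir_owner_uid() {
    stat -c %u "$1"
}

# config_allows CONFIG_FILE REPO_PATH: does the file carry a safe.directory
# entry covering the path? Every "directory = ..." line is taken as [safe].
config_allows() {
    cfg=$1; want=$(normalize_path "$2")
    [ -r "$cfg" ] || return 1
    while IFS= read -r entry; do
        [ "$entry" = '*' ] && return 0
        [ -n "$entry" ] && [ "$(normalize_path "$entry")" = "$want" ] && return 0
    done <<EOF
$(sed -n 's/^[[:space:]]*directory[[:space:]]*=[[:space:]]*//p' "$cfg")
EOF
    return 1
}

# check_repo SERVICE_UID REPO_PATH [CONFIG_FILE...]
# Returns 0 (and says why) when the service uid may open the repository.
check_repo() {
    uid=$1; repo=$2; shift 2
    owner=$(dir_owner_uid "$repo") || return 1
    if [ "$owner" = "$uid" ]; then
        echo "ok: $repo is owned by uid $uid"; return 0
    fi
    for cfg in "$@"; do
        if config_allows "$cfg" "$repo"; then
            echo "ok: $repo (owner uid $owner) trusted via $cfg"; return 0
        fi
    done
    echo "dubious: $repo owned by uid $owner; uid $uid has no safe.directory entry" >&2
    return 1
}
```

For the daemon from the status output above the call would be `check_repo "$(id -u git-daemon)" /srv/git/some/repo.git /etc/gitconfig ~git-daemon/.gitconfig`; a "dubious" verdict names the owner uid so the operator can tell whether ownership or the config location is what fails.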
