Phillip Wood <phillip.wood123@xxxxxxxxx> writes: > ... What is happening is that > git-daemon checks that the repository path is listed as safe and then > changes into that directory and forks > > git upload-pack --strict . > > "git upload-pack" then checks "." against the list of safe directories > which fails. It fails because the safe directory check does not do any > normalization such as cleaning up "//" elements (as seen in your > example) or expanding relative paths on $git_dir before checking it > against the list of safe directories. > ... > I think the fix is probably to make the safe directory check use the > absolute path of $git_dir. In the mean time there is a workaround if > you're happy to add "." to the list of safe directories. It still is curious why unnormalized "." does not pass "*" (which is not even a pattern matching, but is a declaration that says "don't bother which path we are talking about"), though. As long as the value of that configuration is found to be '*' literally, safe directory data is marked as "is_safe" (cf. setup.c:safe_directory_cb and setup.c:ensure_valid_ownership; notice that data.path is not even consulted if the value of the configuration variable is '*'). Anyway, thanks for digging.
