Git clone reads safe.directory differently?

Glen Choo's commit 6061601d modified Git so that safe.directory could
be set on the command line using "-c". It seems most sub-commands work
this way, but not "clone". Here is an example:

====================
$ whoami
mike
$ ls -ld /tmp/y | cut -d " " -f 3
root
$ /home/mike/Scratch/git/git -c safe.directory="*" -C /tmp/y log
commit 4be57d4489010047fd3ef39a633264f634a432b5 (HEAD -> master)
Author: [...]
Date:   Sat Jul 27 11:06:19 2024 -0500

    Initial commit
$ /home/mike/Scratch/git/git -c safe.directory="*" clone /tmp/y /tmp/z
Cloning into '/tmp/z'...
warning: templates not found in /home/mike/share/git-core/templates
fatal: detected dubious ownership in repository at '/tmp/y/.git'
To add an exception for this directory, call:

	git config --global --add safe.directory /tmp/y/.git
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
====================

Glen's commit 6061601d seems to indicate there is no security reason
for this:

	"As a result, `safe.directory` now respects '-c', so update the
	tests and docs accordingly. It used to ignore '-c' due to how it
	was implemented, not because of security or correctness concerns."

I added some printf statements to ensure_valid_ownership() in setup.c,
and I found that they executed in the case of running "git log" but not
"git clone".

A little more research found that "git clone" bailed after the call to
transport_get_remote_refs() many lines before the call to clone_local()
-> copy_or_link_directory() -> die_upon_dubious_ownership().
I suspect something along that earlier call path is still using
setup_git_directory_gently(), rather than git_protected_config(), to
check for dubious ownership.

[System Info]
git version:
git version 2.46.0.rc2.dirty
cpu: x86_64
built from commit: ad57f148c6b5f8735b62238dda8f571c582e0e54
sizeof-long: 8
sizeof-size_t: 8
shell-path: /bin/sh
libcurl: 8.6.0
OpenSSL: OpenSSL 3.2.1 30 Jan 2024
zlib: 1.3.1.zlib-ng
uname: Linux 6.9.8-200.fc40.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Jul  5 16:20:11 UTC 2024 x86_64
compiler info: gnuc: 14.1
libc info: glibc: 2.39
$SHELL (typically, interactive shell): /bin/bash

[Enabled Hooks]

-- 
Mike

:wq



