Re: [PATCH] daemon: Set up PATH properly on startup.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Johannes Sixt <johannes.sixt@xxxxxxxxxx> wrote:

> There are 2 reason, *not* to do this:
>
> 1. It's not needed. You can use
>
>     /usr/local/bin/git --exec-path=/usr/local/bin daemon --inetd ...
>
> to inject the exec-path.

Don't need the `exec-path': git knows the right one already.  So this is
entirely equivalent to my suggestion, except that the user has to jump
through this stupid hoop.

Besides, I don't want to run `git' from inetd -- it makes distinguishing
things in /etc/hosts.deny harder.  Unless I write wrapper scripts or make
symlinks for everything, I suppose, but doesn't it seem mad to invent
wrapper scripts to distinguish between things which are already distinct
but glommed together for some strange reason.

> 2. Security. Those inetds launder the environment for a reason. Assume inetd
> sets PATH=/usr/bin:/bin and git-daemon is installed
> as /usr/sbin/git-daemon. With your patch now all hooks run with the path
> set to /usr/sbin:/usr/bin:/bin.

Yes, of course.  Silly me.  It's much better that the service fail to
work at all than that it have something strange like /usr/local/bin on
its PATH.

Besides, the only things git-daemon will actually run are
git-upload-pack, upload-archive and receive-pack. 

  * git-upload-pack in turn runs git-pack-objects, which is a builtin
    and therefore runs setup_path in main.  Anything that does will
    therefore certainly have the same evil on its PATH as would have
    been inserted by my patch -- though I don't think it actually execs
    anything else.

  * git-upload-archive is another builtin, so the same applies; again, I
    don't think it actually execs anything else.

  * git-receive-pack is not something you enable if you care about
    security anyway.

Besides, if there /are/ scripts and so on run by git-daemon, then
they'll be hook scripts, and will also fail if the Git tools aren't on
the PATH.

Your argument, if I might stoop to caricature, seems to be `No, we
mustn't have git-daemon set up the path itself -- it might actually
/work/.'

-- [mdw]
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux