From: "Randall S. Becker" <firstname.lastname@example.org> To: "'Junio C Hamano'" <email@example.com>, "'Lukas Straub'" <firstname.lastname@example.org> Cc: "'git'" <email@example.com>, "'Elijah Newren'" <firstname.lastname@example.org>, "'Brandon Williams'" <email@example.com>, "'Johannes Schindelin'" <Johannes.Schindelin@gmx.de>, "'Jeff King'" <firstname.lastname@example.org> Subject: RE: [RFC PATCH 0/2] Allow adding .git files and directories Date: Wed, 19 Aug 2020 14:47:18 -0400 [thread overview] Message-ID: <email@example.com> (raw) In-Reply-To: <firstname.lastname@example.org> On August 19, 2020 2:04 PM, Junio C Hamano > To: Lukas Straub <email@example.com> > Cc: git <firstname.lastname@example.org>; Elijah Newren <email@example.com>; > Brandon Williams <firstname.lastname@example.org>; Johannes Schindelin > <Johannes.Schindelin@gmx.de>; Jeff King <email@example.com> > Subject: Re: [RFC PATCH 0/2] Allow adding .git files and directories > > Lukas Straub <firstname.lastname@example.org> writes: > > > These patches allow this and work well in a quick test. Of course some > > tests fail because with this the handling of nested git repos changed. > > In other words, this breaks the workflow existing users rely on, right? I do > not know if such a behaviour ever needs to exist even as an opt-in feature, > but it definitely feels wrong to make the behaviour these patches introduce > the default. I am concerned about broader implications. I might be stating the obvious, but a key security vulnerability that would open up here is to put contents of files like .git/config into a repository. This capability would allow scripts to be introduced without the explicit knowledge of the user. While I'm sure some of the heavy clean/smudge users might appreciate it, this can represent a vector for the introduction of hostile code into an environment. While this enhancement seems like a good idea on the surface, if it goes forward, it should not be the default and should not be under the control of the upstream repository. You would need loads of warnings about potential script hazards at the very least presented to the user, beyond what is already documented in git. This change would not interoperate with JGit - not that that is a huge concern here, but heavy Jenkins and other pipeline users could be significantly impacted. Just putting my CSIO hat on here. We would need a system-wide setting to prohibit users from using this capability. Sincerely, Randall -- Brief whoami: NonStop developer since approximately 211288444200000000 UNIX developer since approximately 421664400 -- In my real life, I talk too much.
next prev parent reply other threads:[~2020-08-19 18:47 UTC|newest] Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-08-19 16:43 Lukas Straub 2020-08-19 16:43 ` [RFC PATCH 1/2] dir/read-cache: " Lukas Straub 2020-08-19 16:43 ` [RFC PATCH 2/2] dir: Recurse into nested git repos if they aren't submodules Lukas Straub 2020-08-19 18:03 ` [RFC PATCH 0/2] Allow adding .git files and directories Junio C Hamano 2020-08-19 18:47 ` Randall S. Becker [this message] 2020-08-19 19:09 ` Junio C Hamano 2020-08-19 19:23 ` Randall S. Becker 2020-08-19 20:17 ` Jeff King 2020-08-19 20:32 ` Junio C Hamano 2020-08-19 20:38 ` Jeff King 2020-08-19 21:56 ` Randall S. Becker 2020-08-20 10:16 ` Johannes Schindelin 2020-08-20 11:34 ` Lukas Straub 2020-08-20 13:01 ` Jeff King 2020-08-21 12:39 ` Lukas Straub 2020-08-21 13:11 ` Randall S. Becker 2020-08-21 22:52 ` brian m. carlson 2020-08-22 14:21 ` Lukas Straub 2020-08-22 18:53 ` brian m. carlson 2020-08-22 19:12 ` Lukas Straub 2020-08-24 13:52 ` Johannes Schindelin 2020-08-20 12:37 ` Lukas Straub 2020-08-20 13:08 ` Jeff King 2020-08-19 19:22 ` Lukas Straub 2020-08-19 18:47 ` Lukas Straub 2020-08-19 19:16 ` Randall S. Becker 2020-08-20 11:46 ` Lukas Straub
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style List information: http://vger.kernel.org/majordomo-info.html * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --email@example.com' \ --firstname.lastname@example.org \ --cc=Johannes.Schindelin@gmx.de \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --subject='RE: [RFC PATCH 0/2] Allow adding .git files and directories' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
Code repositories for project(s) associated with this inbox: https://80x24.org/mirrors/git.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).