From: "Randall S. Becker" <rsbecker@nexbridge.com>
To: "'Junio C Hamano'" <gitster@pobox.com>,
"'Lukas Straub'" <lukasstraub2@web.de>
Cc: "'git'" <git@vger.kernel.org>,
"'Elijah Newren'" <newren@gmail.com>,
"'Brandon Williams'" <bwilliams.eng@gmail.com>,
"'Johannes Schindelin'" <Johannes.Schindelin@gmx.de>,
"'Jeff King'" <peff@peff.net>
Subject: RE: [RFC PATCH 0/2] Allow adding .git files and directories
Date: Wed, 19 Aug 2020 14:47:18 -0400 [thread overview]
Message-ID: <04aa01d67659$2dc217b0$89464710$@nexbridge.com> (raw)
In-Reply-To: <xmqqr1s2tswd.fsf@gitster.c.googlers.com>
On August 19, 2020 2:04 PM, Junio C Hamano
> To: Lukas Straub <lukasstraub2@web.de>
> Cc: git <git@vger.kernel.org>; Elijah Newren <newren@gmail.com>;
> Brandon Williams <bwilliams.eng@gmail.com>; Johannes Schindelin
> <Johannes.Schindelin@gmx.de>; Jeff King <peff@peff.net>
> Subject: Re: [RFC PATCH 0/2] Allow adding .git files and directories
>
> Lukas Straub <lukasstraub2@web.de> writes:
>
> > These patches allow this and work well in a quick test. Of course some
> > tests fail because with this the handling of nested git repos changed.
>
> In other words, this breaks the workflow existing users rely on, right? I
do
> not know if such a behaviour ever needs to exist even as an opt-in
feature,
> but it definitely feels wrong to make the behaviour these patches
introduce
> the default.
I am concerned about broader implications. I might be stating the obvious,
but a key security vulnerability that would open up here is to put contents
of files like .git/config into a repository. This capability would allow
scripts to be introduced without the explicit knowledge of the user. While
I'm sure some of the heavy clean/smudge users might appreciate it, this can
represent a vector for the introduction of hostile code into an environment.
While this enhancement seems like a good idea on the surface, if it goes
forward, it should not be the default and should not be under the control of
the upstream repository. You would need loads of warnings about potential
script hazards at the very least presented to the user, beyond what is
already documented in git. This change would not interoperate with JGit -
not that that is a huge concern here, but heavy Jenkins and other pipeline
users could be significantly impacted.
Just putting my CSIO hat on here. We would need a system-wide setting to
prohibit users from using this capability.
Sincerely,
Randall
-- Brief whoami:
NonStop developer since approximately 211288444200000000
UNIX developer since approximately 421664400
-- In my real life, I talk too much.
next prev parent reply other threads:[~2020-08-19 18:47 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-19 16:43 [RFC PATCH 0/2] Allow adding .git files and directories Lukas Straub
2020-08-19 16:43 ` [RFC PATCH 1/2] dir/read-cache: " Lukas Straub
2020-08-19 16:43 ` [RFC PATCH 2/2] dir: Recurse into nested git repos if they aren't submodules Lukas Straub
2020-08-19 18:03 ` [RFC PATCH 0/2] Allow adding .git files and directories Junio C Hamano
2020-08-19 18:47 ` Randall S. Becker [this message]
2020-08-19 19:09 ` Junio C Hamano
2020-08-19 19:23 ` Randall S. Becker
2020-08-19 20:17 ` Jeff King
2020-08-19 20:32 ` Junio C Hamano
2020-08-19 20:38 ` Jeff King
2020-08-19 21:56 ` Randall S. Becker
2020-08-20 10:16 ` Johannes Schindelin
2020-08-20 11:34 ` Lukas Straub
2020-08-20 13:01 ` Jeff King
2020-08-21 12:39 ` Lukas Straub
2020-08-21 13:11 ` Randall S. Becker
2020-08-21 22:52 ` brian m. carlson
2020-08-22 14:21 ` Lukas Straub
2020-08-22 18:53 ` brian m. carlson
2020-08-22 19:12 ` Lukas Straub
2020-08-24 13:52 ` Johannes Schindelin
2020-08-20 12:37 ` Lukas Straub
2020-08-20 13:08 ` Jeff King
2020-08-19 19:22 ` Lukas Straub
2020-08-19 18:47 ` Lukas Straub
2020-08-19 19:16 ` Randall S. Becker
2020-08-20 11:46 ` Lukas Straub
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='04aa01d67659$2dc217b0$89464710$@nexbridge.com' \
--to=rsbecker@nexbridge.com \
--cc=Johannes.Schindelin@gmx.de \
--cc=bwilliams.eng@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=lukasstraub2@web.de \
--cc=newren@gmail.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).