From: Jonathan Nieder <jrnieder@gmail.com>
To: Jeff King <peff@peff.net>
Cc: Junio C Hamano <gitster@pobox.com>,
"W. Trevor King" <wking@tremily.us>,
Mike Galbraith <bitbucket@online.de>, git <git@vger.kernel.org>
Subject: [PATCH] fixup! config: allow inaccessible configuration under $HOME
Date: Fri, 12 Apr 2013 13:34:42 -0700 [thread overview]
Message-ID: <20130412203442.GT27070@google.com> (raw)
In-Reply-To: <20130412193755.GA5329@sigill.intra.peff.net>
A cleanup from Jeff King.
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
---
wrapper.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
Jeff King wrote:
> I kind of wonder if we are doing anything with the check at this point.
> I suppose ENOMEM and EIO are the only interesting things left at this
> point. The resulting code would be much nicer if the patch were just:
>
> -access_or_die(...);
> +access(...);
>
> but I guess those conditions are still worth checking for, especially if
> we think an attacker could trigger ENOMEM intentionally. To be honest, I
> am not sure how possible that is, but it is not that hard to do so.
Yeah, I was tempted to go the plain access() route. The case that
convinced me not to is that I wouldn't want to think about whether
there could have been a blip in $HOME producing EIO when wondering how
some malformed object had been accepted. The ENOMEM case just seemed
simpler to explain.
I would also be surprised if it is easy to control kernel ENOMEM
carefully enough to exploit (a more likely DoS outcome is crashing
programs or a kernel assertion failure, which are more harmless in
their way). I've given up on predicting what is too hard or easy
enough for security folks. I couldn't think of an obviously easier
vulnerability that is already accepted to put my mind at ease.
[...]
> I know you are trying to be flexible with the flag,
I was mostly worried about damage to readability if we end up needing
to go further down this direction. The opportunity to look at all
call sites was also nice.
[...]
> static int access_error_is_ok(int err, int flag)
> {
> return err == ENOENT || errno == ENOTDIR ||
> (flag & ACCESS_EACCES_OK && err == EACCES);
> }
Nice. Here's a patch for squashing in.
diff --git a/wrapper.c b/wrapper.c
index e860ad1..29a866b 100644
--- a/wrapper.c
+++ b/wrapper.c
@@ -408,11 +408,16 @@ void warn_on_inaccessible(const char *path)
warning(_("unable to access '%s': %s"), path, strerror(errno));
}
+static int access_error_is_ok(int err, unsigned flag)
+{
+ return errno == ENOENT || errno == ENOTDIR ||
+ ((flag & ACCESS_EACCES_OK) && errno == EACCES);
+}
+
int access_or_warn(const char *path, int mode, unsigned flag)
{
int ret = access(path, mode);
- if (ret && errno != ENOENT && errno != ENOTDIR &&
- (!(flag & ACCESS_EACCES_OK) || errno != EACCES))
+ if (ret && !access_error_is_ok(errno, flag))
warn_on_inaccessible(path);
return ret;
}
@@ -420,8 +425,7 @@ int access_or_warn(const char *path, int mode, unsigned flag)
int access_or_die(const char *path, int mode, unsigned flag)
{
int ret = access(path, mode);
- if (ret && errno != ENOENT && errno != ENOTDIR &&
- (!(flag & ACCESS_EACCES_OK) || errno != EACCES))
+ if (ret && !access_error_is_ok(errno, flag))
die_errno(_("unable to access '%s'"), path);
return ret;
}
--
1.8.2.1
next prev parent reply other threads:[~2013-04-12 20:34 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-10 5:33 regression: "96b9e0e3 config: treat user and xdg config permission problems as errors" busted git-daemon Mike Galbraith
2013-04-10 13:56 ` W. Trevor King
2013-04-11 3:39 ` Mike Galbraith
2013-04-11 5:42 ` Jeff King
2013-04-11 7:59 ` Mike Galbraith
2013-04-11 15:35 ` Junio C Hamano
2013-04-11 17:24 ` Jeff King
2013-04-11 18:11 ` Jonathan Nieder
2013-04-11 18:14 ` Jeff King
2013-04-11 18:25 ` Jonathan Nieder
2013-04-11 19:54 ` Junio C Hamano
2013-04-11 20:03 ` W. Trevor King
2013-04-11 22:20 ` Junio C Hamano
2013-04-11 22:23 ` Jeff King
2013-04-12 0:57 ` W. Trevor King
2013-04-12 4:11 ` Junio C Hamano
2013-04-12 4:35 ` Jeff King
2013-04-12 4:46 ` Junio C Hamano
2013-04-12 5:05 ` Jeff King
2013-04-12 5:46 ` Mike Galbraith
2013-04-12 11:26 ` W. Trevor King
2013-04-12 14:48 ` Jeff King
2013-04-12 16:08 ` Junio C Hamano
2013-04-12 16:16 ` Jeff King
2013-04-12 17:05 ` Jeff King
2013-04-12 18:23 ` Junio C Hamano
2013-04-12 19:01 ` Jeff King
2013-04-12 19:51 ` Junio C Hamano
2013-04-12 19:58 ` Jeff King
2013-04-12 20:45 ` Junio C Hamano
2013-04-12 19:14 ` [PATCH] config: allow inaccessible configuration under $HOME Jonathan Nieder
2013-04-12 19:37 ` Jeff King
2013-04-12 20:34 ` Jonathan Nieder [this message]
2013-04-12 21:03 ` [PATCH v2] " Jonathan Nieder
2013-04-13 4:28 ` Mike Galbraith
2013-05-25 11:35 ` Jason A. Donenfeld
2013-04-12 17:31 ` regression: "96b9e0e3 config: treat user and xdg config permission problems as errors" busted git-daemon Junio C Hamano
2013-04-12 16:21 ` Mike Galbraith
2013-04-11 20:08 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130412203442.GT27070@google.com \
--to=jrnieder@gmail.com \
--cc=bitbucket@online.de \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=peff@peff.net \
--cc=wking@tremily.us \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).