git@vger.kernel.org list mirror (unofficial, one of many)
 help / color / mirror / code / Atom feed
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: Lukas Straub <lukasstraub2@web.de>
Cc: Jeff King <peff@peff.net>, Junio C Hamano <gitster@pobox.com>,
	"Randall S. Becker" <rsbecker@nexbridge.com>,
	'git' <git@vger.kernel.org>, 'Elijah Newren' <newren@gmail.com>,
	'Brandon Williams' <bwilliams.eng@gmail.com>,
	'Johannes Schindelin' <Johannes.Schindelin@gmx.de>
Subject: Re: [RFC PATCH 0/2] Allow adding .git files and directories
Date: Fri, 21 Aug 2020 22:52:37 +0000	[thread overview]
Message-ID: <20200821225237.GW8085@camp.crustytoothpaste.net> (raw)
In-Reply-To: <20200821143941.28f71287@luklap>

[-- Attachment #1: Type: text/plain, Size: 1631 bytes --]

On 2020-08-21 at 12:39:41, Lukas Straub wrote:
> The downsides we discussed don't apply in this usecase. These are mostly
> personal files, so I wont upload them to any hosting site (not even private
> ones). There is no security impact as I only sync with trusted devices.

I realize this works for you, but in general Git's security model does
not permit untrusted configuration files or hooks.  Configuration can
have numerous different commands that Git may execute and it is not, in
general, safe to share across users.  This is why Git does not provide a
way to sync whole repositories, only the objects within them.

Adding the ability to transport configuration through a repository is a
security problem because it allows an attacker to potentially execute
arbitrary code on the user's machine, and I can tell you that many, many
people do clone untrusted repositories.  Just because you are aware of
the risks, are comfortable with them, and are the only user in this
scenario does not mean that this feature is a prudent one to add to Git.
It violates our own security model, and as such, isn't a feature we're
going to want to add.

I want to be clear that it is not that we don't see your use case as
valuable or important, only that we can't see a way to implement it
securely as proposed.  Warning users unfortunately isn't sufficient
because users tend not to read documentation.

Multiple core contributors representing various aspects of the Git
community have weighed in, and it looks like the answer is unanimous.

Sorry for the bad news.
-- 
brian m. carlson: Houston, Texas, US

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 263 bytes --]

  parent reply	other threads:[~2020-08-21 22:52 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-19 16:43 Lukas Straub
2020-08-19 16:43 ` [RFC PATCH 1/2] dir/read-cache: " Lukas Straub
2020-08-19 16:43 ` [RFC PATCH 2/2] dir: Recurse into nested git repos if they aren't submodules Lukas Straub
2020-08-19 18:03 ` [RFC PATCH 0/2] Allow adding .git files and directories Junio C Hamano
2020-08-19 18:47   ` Randall S. Becker
2020-08-19 19:09     ` Junio C Hamano
2020-08-19 19:23       ` Randall S. Becker
2020-08-19 20:17       ` Jeff King
2020-08-19 20:32         ` Junio C Hamano
2020-08-19 20:38           ` Jeff King
2020-08-19 21:56             ` Randall S. Becker
2020-08-20 10:16             ` Johannes Schindelin
2020-08-20 11:34             ` Lukas Straub
2020-08-20 13:01               ` Jeff King
2020-08-21 12:39                 ` Lukas Straub
2020-08-21 13:11                   ` Randall S. Becker
2020-08-21 22:52                   ` brian m. carlson [this message]
2020-08-22 14:21                     ` Lukas Straub
2020-08-22 18:53                       ` brian m. carlson
2020-08-22 19:12                         ` Lukas Straub
2020-08-24 13:52                           ` Johannes Schindelin
2020-08-20 12:37         ` Lukas Straub
2020-08-20 13:08           ` Jeff King
2020-08-19 19:22     ` Lukas Straub
2020-08-19 18:47   ` Lukas Straub
2020-08-19 19:16     ` Randall S. Becker
2020-08-20 11:46       ` Lukas Straub

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: http://vger.kernel.org/majordomo-info.html

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200821225237.GW8085@camp.crustytoothpaste.net \
    --to=sandals@crustytoothpaste.net \
    --cc=Johannes.Schindelin@gmx.de \
    --cc=bwilliams.eng@gmail.com \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    --cc=lukasstraub2@web.de \
    --cc=newren@gmail.com \
    --cc=peff@peff.net \
    --cc=rsbecker@nexbridge.com \
    --subject='Re: [RFC PATCH 0/2] Allow adding .git files and directories' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Code repositories for project(s) associated with this inbox:

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).