Date: Mon, 5 Oct 2020 03:17:51 -0400
From: Jeff King
To: git@vger.kernel.org
Cc: Jonathan Nieder
Subject: [PATCH 0/7] forbidding symlinked .gitattributes and .gitignore
Message-ID: <20201005071751.GA2290770@coredump.intra.peff.net>

About 2 years ago as part of a security release we made it illegal to
have a symlinked .gitmodules file (refusing it both in the index and via
fsck).
At the time we discussed (on the security list) outlawing symlinks for
other .git files in the same way, but we decided not to do so as part of
the security release, as it wasn't strictly necessary.

We publicly revisited the topic in:

  https://lore.kernel.org/git/20190114230902.GG162110@google.com/

but there were a few fixes needed, and it got forgotten. So here it is
again, with those fixes:

  [1/7]: fsck_tree(): fix shadowed variable
  [2/7]: fsck_tree(): wrap some long lines

    These first two are actually an unrelated fix and cleanup in the
    nearby code. Could be picked up independently.

  [3/7]: t7415: rename to expand scope
  [4/7]: t7450: test verify_path() handling of gitmodules

    Preparatory test cleanup and improvement for existing features.

  [5/7]: t0060: test obscured .gitattributes and .gitignore matching
  [6/7]: verify_path(): disallow symlinks in .gitattributes and .gitignore
  [7/7]: fsck: complain when .gitattributes or .gitignore is a symlink

    The actual feature, covering the index and fsck.

 fsck.c                                        | 79 ++++++++++++++-----
 read-cache.c                                  | 12 ++-
 t/helper/test-path-utils.c                    | 41 +++++++---
 t/t0060-path-utils.sh                         | 20 +++++
 ...odule-names.sh => t7450-bad-meta-files.sh} | 69 ++++++++++++++--
 5 files changed, 179 insertions(+), 42 deletions(-)
 rename t/{t7415-submodule-names.sh => t7450-bad-meta-files.sh} (77%)

-Peff
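
An added example, not part of the original message and not git's own code: a small audit that reads `git ls-tree -r -z <rev>` output and reports entries where .gitmodules, .gitattributes or .gitignore is stored as a symlink (mode 120000), the condition this series rejects. The function names and sample input are constructed for illustration, and the name match is a plain case-insensitive comparison, which is an assumption and does not cover the obscured spellings tested in patch 5/7.

```python
# Added example (not git's code): flag metadata files stored as symlinks
# in the NUL-separated output of `git ls-tree -r -z <rev>`.
SYMLINK_MODE = "120000"  # git's tree-entry mode for a symbolic link
META_FILES = {".gitmodules", ".gitattributes", ".gitignore"}


def parse_ls_tree(raw: bytes):
    """Yield (mode, type, oid, path) for each `ls-tree -z` record."""
    for record in raw.split(b"\0"):
        if not record:
            continue  # the trailing NUL leaves an empty final chunk
        meta, tab, path = record.partition(b"\t")
        fields = meta.split(b" ")
        if not tab or len(fields) != 3:
            raise ValueError(f"malformed ls-tree record: {record!r}")
        mode, otype, oid = (f.decode("ascii") for f in fields)
        # Paths are arbitrary bytes; keep undecodable ones round-trippable.
        yield mode, otype, oid, path.decode("utf-8", "surrogateescape")


def symlinked_meta_files(raw: bytes):
    """Return paths whose final component is a metadata file and a symlink."""
    hits = []
    for mode, _otype, _oid, path in parse_ls_tree(raw):
        name = path.rsplit("/", 1)[-1]
        # Assumption: plain case-insensitive comparison only; the obscured
        # spellings exercised by patch 5/7 are not recognised here.
        if mode == SYMLINK_MODE and name.lower() in META_FILES:
            hits.append(path)
    return hits


# Constructed sample input; the object ids are placeholders.
OID = b"0" * 40
SAMPLE = b"".join(rec + b"\0" for rec in [
    b"100644 blob " + OID + b"\tREADME",
    b"120000 blob " + OID + b"\t.gitattributes",   # symlinked: flagged
    b"100644 blob " + OID + b"\t.gitignore",       # regular file: fine
    b"120000 blob " + OID + b"\tsub/.GitIgnore",   # symlinked: flagged
    b"120000 blob " + OID + b"\tdocs/latest",      # symlink, other name
    b"160000 commit " + OID + b"\tvendor/lib",     # gitlink (submodule)
])

if __name__ == "__main__":
    for p in symlinked_meta_files(SAMPLE):
        print("symlinked metadata file:", p)
```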