From: Jeff Hostetler <git@jeffhostetler.com>
To: Junio C Hamano <gitster@pobox.com>, Jeff King <peff@peff.net>
Cc: Jonathan Tan <jonathantanmy@google.com>,
git@vger.kernel.org, Jeff Hostetler <jeffhost@microsoft.com>
Subject: Re: [PATCH v4 4/6] list-objects: filter objects in traverse_commit_list
Date: Fri, 17 Nov 2017 10:42:52 -0500 [thread overview]
Message-ID: <6f433987-f91b-d5b5-242e-3a241b7442c7@jeffhostetler.com> (raw)
In-Reply-To: <xmqqh8tttzwq.fsf@gitster.mtv.corp.google.com>
On 11/16/2017 9:14 PM, Junio C Hamano wrote:
> Jeff King <peff@peff.net> writes:
>
>> Those encodings don't necessarily need to be the same, because they're
>> about transport. Inside each process we'd have the raw bytes, and encode
>> them as appropriate to whatever sub-program we're going to pass to (or
>> not at all if we skip the shell for sub-processes, which is usually a
>> good idea).
>
> Yes, I share the same feeling. It does not help that the series
> defines its own notion of arg_needs_armor() and uses it to set a
> field called requires_armor that is not yet used, the definition of
> "armor"ing being each byte getting encoded as two hexadecimal digits
> without any sign (which makes me wonder what a receiver of
> "deadbeef" would do---did it receive an armored string or a plain
> one???). I do not understand why these strings are not passed as
> opaque sequences of bytes and instead converted at this low a layer.
I'm probably being too paranoid. My fear is that a client could pass
an expression to clone/fetch/fetch-pack that would be sent to the
server and evaluated by the interface between upload-pack and pack-objects.
I'm not worried about the pack-protocol transport. I'm mainly concerned
in how upload-pack passes that *client-expression* to pack-objects and are
there ways for that to go south on the server with a carefully crafted
expression.
Even if we assume that upload-pack on the server directly invokes
pack-objects (rather than a shell), there still might be issues.
For platforms like Linux which have a native execve() and can pass
args in an argv (and which the sub-process also receives in an argv
in their main()), my paranoia is probably overkill.
But on Windows, where the native interface takes a command-line string
rather than an argv, I was concerned. Yes, there is code in compat/mingw.c
to quote args when building a command line from an argv (and I'm *not*
saying there are bugs in that), but again maybe I am being paranoid.
I'll take another look and the existing quoting mechanisms and re-eval.
Thanks,
Jeff
next prev parent reply other threads:[~2017-11-17 15:42 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-16 18:07 [PATCH v4 0/6] Partial clone part 1: object filtering Jeff Hostetler
2017-11-16 18:07 ` [PATCH v4 1/6] dir: allow exclusions from blob in addition to file Jeff Hostetler
2017-11-16 18:07 ` [PATCH v4 2/6] oidmap: add oidmap iterator methods Jeff Hostetler
2017-11-16 18:07 ` [PATCH v4 3/6] oidset: add iterator methods to oidset Jeff Hostetler
2017-11-16 18:07 ` [PATCH v4 4/6] list-objects: filter objects in traverse_commit_list Jeff Hostetler
2017-11-16 20:21 ` Jonathan Tan
2017-11-16 21:49 ` Jeff Hostetler
2017-11-16 21:57 ` Jeff King
2017-11-17 2:14 ` Junio C Hamano
2017-11-17 15:42 ` Jeff Hostetler [this message]
2017-11-17 22:19 ` Jeff King
2017-11-16 18:07 ` [PATCH v4 5/6] rev-list: add list-objects filtering support Jeff Hostetler
2017-11-16 20:43 ` Jonathan Tan
2017-11-17 2:14 ` Junio C Hamano
2017-11-17 17:36 ` Jeff Hostetler
2017-11-16 18:07 ` [PATCH v4 6/6] pack-objects: add list-objects filtering Jeff Hostetler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6f433987-f91b-d5b5-242e-3a241b7442c7@jeffhostetler.com \
--to=git@jeffhostetler.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=jeffhost@microsoft.com \
--cc=jonathantanmy@google.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).