git@vger.kernel.org mailing list mirror (one of many)
From: Junio C Hamano <gitster@pobox.com>
To: Jeff King <peff@peff.net>
Cc: Jonathan Nieder <jrnieder@gmail.com>,
	Mike Galbraith <bitbucket@online.de>,
	"W. Trevor King" <wking@tremily.us>, git <git@vger.kernel.org>
Subject: Re: regression: "96b9e0e3 config: treat user and xdg config permission problems as errors" busted git-daemon
Date: Thu, 11 Apr 2013 12:54:34 -0700
Message-ID: <7vwqs8hmh1.fsf@alter.siamese.dyndns.org>
In-Reply-To: <20130411181439.GA2820@sigill.intra.peff.net> (Jeff King's message of "Thu, 11 Apr 2013 14:14:39 -0400")

Jeff King <peff@peff.net> writes:

> On Thu, Apr 11, 2013 at 11:11:03AM -0700, Jonathan Nieder wrote:
>
>> > -- >8 --
>> > Subject: [PATCH] daemon: set HOME when we switch to --user
>> 
>> Thanks for taking care of it.  For what it's worth,
>> 
>> Acked-by: Jonathan Nieder <jrnieder@gmail.com>
>> 
>> I'm not sure whether to keep 96b9e0e (config: treat user and xdg
>> config permission problem as errors) in the long run, BTW.  There have
>> been multiple reports about dropping privileges and not being able to
>> access the old HOME, and I'm not convinced any more that the
>> predictability is worth the breakage for such people.  Though checking
>> if $HOME is inaccessible and treating that case specially would be
>> even worse...
>> 
>> Insights welcome.
>
> I could go either way. I think 96b9e0e is the right thing to do
> conceptually, but I kind of doubt it was affecting all that many people.
> And though it's _possible_ for it to be a security problem, I find it
> much more likely that the site admin tries to set some config, gets
> annoyed when it doesn't work, and debugs it. So from a practical
> perspective, 96b9e0e may be doing more harm than good, even though it's
> the right thing.

Recent reports in this thread make us think so, I guess.

But reverting 96b9e0e alone would not help these people very much
though.  They will have reams of warning messages in their server
logs, and the way to "fix" it would be the same as the way to work
around the access_or_die(), namely, to set $HOME to point at a more
appropriate place before running "git daemon".

I also have a suspicion that your patch makes things worse for
people who are more adept at these issues around running daemons
than the people who introduced this problem in the first place (eh,
that's "us").  It is plausible that they may run multiple instances
of "initially root but setuid() to an unprivileged user" daemons,
giving each of them a separate play area by setting $HOME to
different values, just for management's ease not necessarily for
security (hence sharing the same unprivileged user), which will be
broken by the patch that unconditionally overrides $HOME.

A trade off to make things slightly easier for one sysadmin by
making another thing impossible to do for another sysadmin does not
sound like a good one.
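
Added example, not part of the original message and not git's own code: a pre-flight check an admin could run as root before starting "git daemon" with --user, which drops to the target uid/gid in a child process and reports whether $HOME/.gitconfig would be readable, absent, or blocked for that user. The names probe_as and cfg_status, and the rule that only ENOENT counts as benign, are assumptions made for this illustration.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>
/* Added illustration, not git's code; every name below is hypothetical. */
enum cfg_status { CFG_READABLE, CFG_ABSENT, CFG_BLOCKED, CFG_PROBE_FAILED };

/* Assumed strict policy: only ENOENT is benign; EACCES, ENOTDIR, ... are errors. */
static enum cfg_status probe_user_config(const char *home)
{
	char path[4096];
	int n = snprintf(path, sizeof(path), "%s/.gitconfig", home);
	if (n < 0 || (size_t)n >= sizeof(path))
		return CFG_PROBE_FAILED;
	if (access(path, R_OK) == 0)
		return CFG_READABLE;
	return errno == ENOENT ? CFG_ABSENT : CFG_BLOCKED;
}

/* Probe `home` as a process running with uid/gid would see it. */
enum cfg_status probe_as(uid_t uid, gid_t gid, const char *home)
{
	int status;
	pid_t pid = fork();
	if (pid < 0)
		return CFG_PROBE_FAILED;
	if (pid == 0) {
		/* Child: drop supplementary groups, then gid, then uid (order matters). */
		if ((uid != getuid() || gid != getgid()) &&
		    (setgroups(0, NULL) || setgid(gid) || setuid(uid)))
			_exit(CFG_PROBE_FAILED);
		_exit(probe_user_config(home));
	}
	if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
		return CFG_PROBE_FAILED;
	return (enum cfg_status)WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
	static const char *label[] = { "readable", "absent", "BLOCKED", "probe failed" };
	if (argc != 4)
		return fprintf(stderr, "usage: %s UID GID HOME\n", argv[0]), 2;
	enum cfg_status s = probe_as(atoi(argv[1]), atoi(argv[2]), argv[3]);
	printf("%s/.gitconfig as uid %s: %s\n", argv[3], argv[1], label[s]);
	return s >= CFG_BLOCKED;
}
```

Running it once per daemon instance, with the HOME that instance will inherit, shows which instances would hit the permission error after the switch to the unprivileged user.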
