git@vger.kernel.org mailing list mirror (one of many)
From: Jeff King <peff@peff.net>
To: Michael McClimon <michael@mcclimon.org>
Cc: "Carlo Marcelo Arenas Belón" <carenas@gmail.com>,
	"Glen Choo" <chooglen@google.com>,
	"Johannes Schindelin" <Johannes.Schindelin@gmx.de>,
	"Junio C Hamano" <gitster@pobox.com>,
	git@vger.kernel.org
Subject: Re: What's cooking in git.git (Oct 2022, #06; Wed, 19)
Date: Fri, 21 Oct 2022 00:55:39 -0400
Message-ID: <Y1ImS1Muvk1MAQeC@coredump.intra.peff.net>
In-Reply-To: <Y1Hy9n7E1/yWKkYv@newk>

On Thu, Oct 20, 2022 at 09:16:38PM -0400, Michael McClimon wrote:

> > * mm/git-pm-try-catch-syntax-fix (2022-10-17) 1 commit
> >  - Git.pm: add semicolon after catch statement
> > 
> >  Fix a longstanding syntax error in Git.pm error codepath.
> > 
> >  Will merge to 'next'??
> >  source: <20221016212236.12453-2-michael@mcclimon.org>
> 
> I am not totally sure what these question marks mean, but I'm happy for
> this to go to next, for what it's worth. (There was an outstanding
> question about the general behavior of Git.pm in bare unsafe
> repositories, but I certainly am not planning to solve it in this
> series.) Thanks!

Me too. I had hoped for a test, but because of those outstanding
questions about the behavior, I think we are better off skipping it for
now, and fixing what is obviously a bug.

There is one devil's advocate thing that is nagging at me, though.
Because this whole safe-directory thing is security-relevant, could we
make things worse by "fixing" it partially? That is, consider
this code:

  git init --bare foo.git
  sudo chown -R nobody foo.git
  cd foo.git
  perl -MGit -e 'Git->repository'

Post 2.35.4, etc, is it a security vulnerability for that final step to
open the repository? If so, then right now we are "not vulnerable" in
the sense that an unrelated bug causes Git.pm to bail in the final step.
And fixing that will mean we become vulnerable.

To be clear, having an unrelated bug is not a good way to prevent
security vulnerabilities. But it is the status quo. If the fixed version
(after your patch to add the semicolon) is vulnerable, but the released
one in the hands of users is not, then fixing it does make things worse
in the short term (even though the obviously correct thing in the long
run is to fix that bug and also correct the vulnerability the right
way).

I wasn't around when the directory-ownership stuff was discussed or
worked on. But it might be nice for people who worked on it or thought a
lot about it to give an opinion on whether the state after your patch is
in fact vulnerable to a security flaw.

-Peff
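
For the scenario in the message above (a `foo.git` whose files belong to `nobody`), a calling script can compare ownership itself before handing the directory to `Git->repository`. This is an added example, not part of the message and not Git's or Git.pm's own logic; the function names are hypothetical, and the check is simplified to a uid comparison on the directory, its git dir, `HEAD` and `config`.

```shell
# Added example (not from the thread): caller-side ownership pre-check.
# Function names are hypothetical; this is not Git's or Git.pm's own logic.

# Print the numeric uid owning path $1 (GNU/busybox stat, then BSD stat).
path_owner_uid() {
    stat -c %u -- "$1" 2>/dev/null || stat -f %u -- "$1" 2>/dev/null
}

# repo_owned_by DIR [UID]
#   0  DIR looks like a repository and DIR, its git dir, HEAD and
#      config (if present) all belong to UID (default: invoking user)
#   1  at least one of those paths belongs to a different uid
#   2  DIR does not look like a repository
repo_owned_by() {
    dir=$1
    want=${2:-$(id -u)}
    # Non-bare layout keeps metadata in DIR/.git; bare keeps it in DIR.
    if [ -d "$dir/.git" ]; then gitdir=$dir/.git; else gitdir=$dir; fi
    [ -f "$gitdir/HEAD" ] || return 2
    for p in "$dir" "$gitdir" "$gitdir/HEAD" "$gitdir/config"; do
        [ -e "$p" ] || continue
        # An unreadable owner is treated the same as a foreign owner.
        owner=$(path_owner_uid "$p") || return 1
        [ "$owner" = "$want" ] || return 1
    done
    return 0
}
```

A wrapper would call `repo_owned_by "$PWD" || exit 1` before invoking the Perl script, so the refusal does not depend on how Git.pm behaves.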
