From: Jeff King <peff@peff.net>
To: Glen Choo <chooglen@google.com>
Cc: "Michael McClimon" <michael@mcclimon.org>,
"Carlo Marcelo Arenas Belón" <carenas@gmail.com>,
"Johannes Schindelin" <Johannes.Schindelin@gmx.de>,
"Junio C Hamano" <gitster@pobox.com>,
git@vger.kernel.org
Subject: Re: What's cooking in git.git (Oct 2022, #06; Wed, 19)
Date: Sat, 22 Oct 2022 18:11:28 -0400 [thread overview]
Message-ID: <Y1RqkMk4A8N6A38K@coredump.intra.peff.net> (raw)
In-Reply-To: <kl6lczalx8ox.fsf@chooglen-macbookpro.roam.corp.google.com>
On Fri, Oct 21, 2022 at 12:45:02PM -0700, Glen Choo wrote:
> However, if GIT_DIR is set by searching for the repo (e.g. by "git
> rev-parse --git-dir"), this just disables every safe.* protection. IIRC,
> you mentioned that this is exactly what Git.pm does, so as it is, yes
> this does leave us in a vulnerable state.
Thanks, that matches my understanding. I think Git.pm is vulnerable (but
again, not in a released version because of the syntax error).
> If we are using `git rev-parse --git-dir`, maybe a reasonable solution
> would be to teach `rev-parse` to respect safe.* protections? e.g. `git
> rev-parse --git-dir --safe` could error out just like `git` in an unsafe
> repository.
rev-parse does work that way. It's just that Git.pm has some oddities.
More discussion (with my analysis and a patch) in this other thread:
https://lore.kernel.org/git/Y1Rp+7R7e+LFa5k6@coredump.intra.peff.net/
-Peff
next prev parent reply other threads:[~2022-10-22 22:11 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-20 1:31 What's cooking in git.git (Oct 2022, #06; Wed, 19) Junio C Hamano
2022-10-20 6:18 ` Jeff King
2022-10-20 15:38 ` Junio C Hamano
2022-10-20 9:56 ` pw/rebase-reflog-fixes (was Re: What's cooking in git.git (Oct 2022, #06; Wed, 19)) Phillip Wood
2022-10-21 1:16 ` What's cooking in git.git (Oct 2022, #06; Wed, 19) Michael McClimon
2022-10-21 4:55 ` Jeff King
2022-10-21 19:45 ` Glen Choo
2022-10-22 22:11 ` Jeff King [this message]
2022-10-21 3:15 ` tb/remove-unused-pack-bitmap Taylor Blau
-- strict thread matches above, loose matches on Subject: below --
2022-10-20 1:34 What's cooking in git.git (Oct 2022, #06; Wed, 19) Junio C Hamano
2022-10-20 11:57 ` Philip Oakley
2022-10-20 15:35 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y1RqkMk4A8N6A38K@coredump.intra.peff.net \
--to=peff@peff.net \
--cc=Johannes.Schindelin@gmx.de \
--cc=carenas@gmail.com \
--cc=chooglen@google.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=michael@mcclimon.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).