git@vger.kernel.org mailing list mirror (one of many)
 help / color / mirror / code / Atom feed
* [PATCH] adjust_shared_perm(): leave g+s alone when the group does not matter
@ 2022-10-28 21:16 Junio C Hamano
  2022-10-28 21:46 ` brian m. carlson
  0 siblings, 1 reply; 5+ messages in thread
From: Junio C Hamano @ 2022-10-28 21:16 UTC (permalink / raw)
  To: git; +Cc: Julien Moutinho

Julien Moutinho reports that in an environment where directory does
not have BSD group semantics and requires g+s (aka FORCE_DIR_SET_GID)
but the system cripples chmod() to forbid g+s, adjust_shared_perm()
fails even when the repository is for private use with perm = 0600.

When we grant extra access based on group membership (i.e. the
directory has either g+r or g+w bit set), which group the directory
and its contents are owned by matters.  But otherwise (e.g. perm is
set to 0600, in Julien's case), flipping g+s bit is not necessary.

Reported-by: Julien Moutinho <julm+git@sourcephile.fr>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 path.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/path.c b/path.c
index a3cfcd8a6e..492e17ad12 100644
--- a/path.c
+++ b/path.c
@@ -901,7 +901,13 @@ int adjust_shared_perm(const char *path)
 	if (S_ISDIR(old_mode)) {
 		/* Copy read bits to execute bits */
 		new_mode |= (new_mode & 0444) >> 2;
-		new_mode |= FORCE_DIR_SET_GID;
+
+		/*
+		 * g+s matters only if any extra access is granted
+		 * based on group membership.
+		 */
+		if (FORCE_DIR_SET_GID && (new_mode & 060))
+			new_mode |= FORCE_DIR_SET_GID;
 	}
 
 	if (((old_mode ^ new_mode) & ~S_IFMT) &&
-- 
2.38.1-280-g63bba4fdd8


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] adjust_shared_perm(): leave g+s alone when the group does not matter
  2022-10-28 21:16 [PATCH] adjust_shared_perm(): leave g+s alone when the group does not matter Junio C Hamano
@ 2022-10-28 21:46 ` brian m. carlson
  2022-10-28 21:51   ` Junio C Hamano
  0 siblings, 1 reply; 5+ messages in thread
From: brian m. carlson @ 2022-10-28 21:46 UTC (permalink / raw)
  To: Junio C Hamano; +Cc: git, Julien Moutinho

[-- Attachment #1: Type: text/plain, Size: 1160 bytes --]

On 2022-10-28 at 21:16:09, Junio C Hamano wrote:
> Julien Moutinho reports that in an environment where directory does
> not have BSD group semantics and requires g+s (aka FORCE_DIR_SET_GID)
> but the system cripples chmod() to forbid g+s, adjust_shared_perm()

I would personally use a different verb here because I have the
impression it's offensive, at least when used as a noun.  Perhaps
"limit" or "restrict" might be more neutral, or we could pick another
verb which expresses our displeasure at this design (maybe "impair"?)
but maybe is less likely to be emotionally charged or offend.

> fails even when the repository is for private use with perm = 0600.
> 
> When we grant extra access based on group membership (i.e. the
> directory has either g+r or g+w bit set), which group the directory
> and its contents are owned by matters.  But otherwise (e.g. perm is
> set to 0600, in Julien's case), flipping g+s bit is not necessary.

Except for my comment above, I think the patch here addresses the
proposed issue and looks good, and as usual, is well explained.
-- 
brian m. carlson (he/him or they/them)
Toronto, Ontario, CA

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 263 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] adjust_shared_perm(): leave g+s alone when the group does not matter
  2022-10-28 21:46 ` brian m. carlson
@ 2022-10-28 21:51   ` Junio C Hamano
  2022-10-28 22:21     ` brian m. carlson
  0 siblings, 1 reply; 5+ messages in thread
From: Junio C Hamano @ 2022-10-28 21:51 UTC (permalink / raw)
  To: brian m. carlson; +Cc: git, Julien Moutinho

"brian m. carlson" <sandals@crustytoothpaste.net> writes:

> On 2022-10-28 at 21:16:09, Junio C Hamano wrote:
>> Julien Moutinho reports that in an environment where directory does
>> not have BSD group semantics and requires g+s (aka FORCE_DIR_SET_GID)
>> but the system cripples chmod() to forbid g+s, adjust_shared_perm()
>
> I would personally use a different verb here because I have the
> impression it's offensive, at least when used as a noun.  Perhaps
> "limit" or "restrict" might be more neutral, or we could pick another
> verb which expresses our displeasure at this design (maybe "impair"?)
> but maybe is less likely to be emotionally charged or offend.

castrates? butchers?

tweaks?  That's quite neutral.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] adjust_shared_perm(): leave g+s alone when the group does not matter
  2022-10-28 21:51   ` Junio C Hamano
@ 2022-10-28 22:21     ` brian m. carlson
  2022-10-28 22:49       ` Junio C Hamano
  0 siblings, 1 reply; 5+ messages in thread
From: brian m. carlson @ 2022-10-28 22:21 UTC (permalink / raw)
  To: Junio C Hamano; +Cc: git, Julien Moutinho

[-- Attachment #1: Type: text/plain, Size: 972 bytes --]

On 2022-10-28 at 21:51:42, Junio C Hamano wrote:
> "brian m. carlson" <sandals@crustytoothpaste.net> writes:
> 
> > On 2022-10-28 at 21:16:09, Junio C Hamano wrote:
> >> Julien Moutinho reports that in an environment where directory does
> >> not have BSD group semantics and requires g+s (aka FORCE_DIR_SET_GID)
> >> but the system cripples chmod() to forbid g+s, adjust_shared_perm()
> >
> > I would personally use a different verb here because I have the
> > impression it's offensive, at least when used as a noun.  Perhaps
> > "limit" or "restrict" might be more neutral, or we could pick another
> > verb which expresses our displeasure at this design (maybe "impair"?)
> > but maybe is less likely to be emotionally charged or offend.
> 
> castrates? butchers?
> 
> tweaks?  That's quite neutral.

I think "butchers" or "tweaks" should be fine.  I might say "modifies"
as well.
-- 
brian m. carlson (he/him or they/them)
Toronto, Ontario, CA

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 263 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] adjust_shared_perm(): leave g+s alone when the group does not matter
  2022-10-28 22:21     ` brian m. carlson
@ 2022-10-28 22:49       ` Junio C Hamano
  0 siblings, 0 replies; 5+ messages in thread
From: Junio C Hamano @ 2022-10-28 22:49 UTC (permalink / raw)
  To: brian m. carlson; +Cc: git, Julien Moutinho

"brian m. carlson" <sandals@crustytoothpaste.net> writes:

> On 2022-10-28 at 21:51:42, Junio C Hamano wrote:
>> "brian m. carlson" <sandals@crustytoothpaste.net> writes:
>> 
>> > On 2022-10-28 at 21:16:09, Junio C Hamano wrote:
>> >> Julien Moutinho reports that in an environment where directory does
>> >> not have BSD group semantics and requires g+s (aka FORCE_DIR_SET_GID)
>> >> but the system cripples chmod() to forbid g+s, adjust_shared_perm()
>> >
>> > I would personally use a different verb here because I have the
>> > impression it's offensive, at least when used as a noun.  Perhaps
>> > "limit" or "restrict" might be more neutral, or we could pick another
>> > verb which expresses our displeasure at this design (maybe "impair"?)
>> > but maybe is less likely to be emotionally charged or offend.
>> 
>> castrates? butchers?
>> 
>> tweaks?  That's quite neutral.
>
> I think "butchers" or "tweaks" should be fine.  I might say "modifies"
> as well.

I've decided to weaken it a lot by phrasing it like so:

    ... but the system forbids chmod() to touch the g+s bit, ...




^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2022-10-28 22:51 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-28 21:16 [PATCH] adjust_shared_perm(): leave g+s alone when the group does not matter Junio C Hamano
2022-10-28 21:46 ` brian m. carlson
2022-10-28 21:51   ` Junio C Hamano
2022-10-28 22:21     ` brian m. carlson
2022-10-28 22:49       ` Junio C Hamano

Code repositories for project(s) associated with this public inbox

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).