From: Junio C Hamano <gitster@pobox.com>
To: "Demi M. Obenour" <athena@invisiblethingslab.com>
Cc: Git <git@vger.kernel.org>
Subject: Re: check_refname_format allows refs with components that begin with -, even though `git tag` does not
Date: Tue, 10 Nov 2020 12:09:55 -0800
Message-ID: <xmqqd00l6kj0.fsf@gitster.c.googlers.com>
In-Reply-To: <c926193b-a328-7562-6d4b-1ab2765c8cca@invisiblethingslab.com> (Demi M. Obenour's message of "Tue, 10 Nov 2020 14:32:04 -0500")

"Demi M. Obenour" <athena@invisiblethingslab.com> writes:

> If I try to create a Git tag with a name beginning with `-`,
> Git complains.  However, Git does not check that a repository does
> not have tags containing `-`.

This is quite deliberate.  The command line parser of "git checkout"
and friends long lacked a way to say "switch to THAT BRANCH whose name
begins with a hyphen" etc., and preventing tags and branches whose
name begins with a hyphen from being created at the Porcelain level was a
way to stop users from hurting themselves.

These funny names are supported at the plumbing level primarily
because we have historically allowed them and suddenly forbidding
their use would break existing repositories.  A secondary reason is to
have a way to learn the current value of and then remove them, so
people with these funnily named branches and tags can "rename" them.

> This almost led to a vulnerability in the QubesOS `verify-git-tag`
> script.

Scripts need to be careful about their inputs, period.

> The best idea I had for a fix is to print names beginning with `-`
> using the fully-qualified form, such as "refs/tags/-a".  Also, `--`
> is used as a delimiter in many commands, and can’t be escaped,
> so disallowing it might be a good idea.

I do not think there is anything to fix.

Command line parsers of some commands may have to learn how to
disambiguate such strangely named tags and branches, though.  Some
commands do not know the --end-of-options convention, for example.

Thanks.


[Further reading]

https://lore.kernel.org/git/7v62pjo4km.fsf@alter.siamese.dyndns.org/
https://lore.kernel.org/git/7vsk262vla.fsf@alter.siamese.dyndns.org/
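The advice above ("scripts need to be careful about their inputs") and the observation that plumbing accepts names beginning with "-" while "git tag" does not come together in the following POSIX sh fragment. It is an added example and not code from this thread, from the Git project, or from the QubesOS script mentioned in the report; the helper names `tag_name_ok`, `tag_ref` and `verify_tag` are hypothetical. It applies the Porcelain policy in the script itself (refuse any component that begins with "-", plus a few of the check-ref-format rules) and, independently of that policy, only ever hands git the fully-qualified `refs/tags/...` form, which no option parser can mistake for a flag. The `git` invocations in `verify_tag` assume a working repository and are the only part that needs git installed.

```shell
#!/bin/sh
# Added example (not from the thread or the Git project): handle a tag
# name that came from an untrusted source without ever passing a bare
# "-something" or "--" to a git command.  Assumes POSIX sh.

# Policy check: mirror what "git tag" enforces at the Porcelain level
# (no component may begin with "-") and a subset of the rules that
# git check-ref-format enforces at the plumbing level.
tag_name_ok() {
    name=$1
    [ -n "$name" ] || return 1
    case "$name" in
        *..*|*'@{'*|*'\'*) return 1 ;;              # ".." "@{" backslash
        *[~^:?*]*|*'['*) return 1 ;;                 # ~ ^ : ? * [
        *[[:cntrl:][:space:]]*) return 1 ;;          # control chars, whitespace
        /*|*/|*//*) return 1 ;;                      # empty component
    esac
    old_ifs=$IFS
    IFS=/
    for comp in $name; do                            # one component at a time
        case "$comp" in
            -*|.*|*.|*.lock) IFS=$old_ifs; return 1 ;;   # leading "-" or "."
        esac                                             # trailing "." / ".lock"
    done
    IFS=$old_ifs
    return 0
}

# Fully-qualified form.  Even if policy were relaxed and "-a" allowed,
# "refs/tags/-a" starts with a letter and is never parsed as an option.
tag_ref() {
    printf 'refs/tags/%s\n' "$1"
}

# Resolve and verify a tag, passing git only the fully-qualified ref.
# Requires git and a repository; not exercised by the checks below.
verify_tag() {
    name=$1
    tag_name_ok "$name" || { echo "refusing tag name: $name" >&2; return 1; }
    ref=$(tag_ref "$name")
    git rev-parse --verify --quiet "$ref" >/dev/null || return 1
    git verify-tag "$ref"
}

# Example usage (hypothetical tag name, constructed for illustration):
#   verify_tag "v1.0.0"        # proceeds to git
#   verify_tag "-a"            # refused before git is invoked
```

The two layers are deliberately independent: `tag_name_ok` encodes policy and can be adjusted, while `tag_ref` removes the option-parsing ambiguity on its own, so a script that must tolerate historically created "-" names can drop the leading-dash rule and still never expose a git command line to a bare dash-prefixed argument.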

Thread overview:
2020-11-10 19:32 check_refname_format allows refs with components that begin with -, even though `git tag` does not Demi M. Obenour
2020-11-10 20:09 ` Junio C Hamano [this message]
2020-11-10 21:35   ` Jeff King
2020-11-10 21:37     ` [PATCH 1/3] rev-parse: don't accept options after dashdash Jeff King
2020-11-10 21:38     ` [PATCH 2/3] rev-parse: put all options under the "-" check Jeff King
2020-11-10 21:40     ` [PATCH 3/3] rev-parse: handle --end-of-options Jeff King
2020-11-10 22:23       ` Junio C Hamano
2020-11-10 22:28         ` Demi M. Obenour
2020-11-11  2:22         ` Jeff King
2020-11-10 21:33 ` check_refname_format allows refs with components that begin with -, even though `git tag` does not Ævar Arnfjörð Bjarmason