From: Junio C Hamano <gitster@pobox.com>
To: Stefan Beller <sbeller@google.com>
Cc: git@vger.kernel.org, pclouds@gmail.com
Subject: Re: [RFC/PATCH 4/5] daemon.c: accept extra service arguments
Date: Sat, 28 Feb 2015 19:39:52 -0800 [thread overview]
Message-ID: <xmqqioelgzcn.fsf@gitster.dls.corp.google.com> (raw)
In-Reply-To: <1425085318-30537-5-git-send-email-sbeller@google.com> (Stefan Beller's message of "Fri, 27 Feb 2015 17:01:57 -0800")
Stefan Beller <sbeller@google.com> writes:
> Before 73bb33a (daemon: Strictly parse the "extra arg" part of the
> command - 2009-06-04) a client sending extra arguments could DoS
> git-daemon. 73bb33a fixed it by forbidding extra arguments.
>
> Allow arguments other than "host=" again as a preparation step for
> upload-pack2. "host=" if present must be the first argument
> though. The remaining arguments are concatenated by whitespace.
>
> So far none of supported services support extra arguments. Attempting
> to do will abort the service, just like how it is before. We might
> want to make them silently ignore extra arguments though.
The necessity of this means 3/5, hiding new stuff after
"host=<name>\0", is not a viable strategy to extend the
communication to "git daemon" in a backward compatible way so that
new client can transparently talk with older daemon.
And if you accept that limitation and declare that new client MUST
talk with a new git daemon, then there is not much point in hiding
the extra arguments after "host=<name>\0". You can just declare
that the new git daemon will accept arguments, including
"host=<name>\0", as a series of "var=<val>\0" in separate packets,
not as a part of the initial "<program> <path>" packet, for example.
One thing 3/5 and 4/5 will give you is to allow old clients to talk
to the new git daemon if the way new programs spawned by git daemon
must use that "hiding" trick, but I am not convinced that it is
necessary to resort to that "hiding" trick in the first place.
Under the same "new client must talk with a new daemon, they cannot
talk with existing daemon" limitation, I think you can arrange
things this way by not touching daemon at all:
* Keep the daemon protocol as "<program> <path>\0host=<name>\0".
* New client, as it has to know that it is talking to a host with
new enough Git, can ask "upload-pack-2" as <program>.
* Design the protocol that the protocol backend programs such as
upload-pack-2 (and other updated programs like receive-pack-2,
trickle-pack, ...) talks in such a way that these "extra"
parameters sent when client connects are sent as the first
packet(s).
That way, the new daemon will take "<program> <path>\0host=<name>\0"
and cannot take extra arguments at the end of that packet, but the
new protocol backend programs do not need extra arguments given by
the daemon to them anyway. Old clients will not ask to be connected
to new upload-pack-2 and friends, but that is to be expected.
next prev parent reply other threads:[~2015-03-01 3:40 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-24 3:12 [RFC/PATCH 0/3] protocol v2 Stefan Beller
2015-02-24 3:12 ` [PATCH 1/3] Document protocol capabilities extension Stefan Beller
2015-02-24 3:12 ` [PATCH 2/3] receive-pack: add advertisement of different protocol options Stefan Beller
2015-02-24 3:12 ` [PATCH 3/3] receive-pack: enable protocol v2 Stefan Beller
2015-02-24 4:02 ` [RFC/PATCH 0/3] " Duy Nguyen
2015-02-24 5:40 ` Stefan Beller
2015-02-24 6:15 ` Junio C Hamano
2015-02-24 23:37 ` Stefan Beller
2015-02-25 12:44 ` Duy Nguyen
2015-02-25 18:04 ` Junio C Hamano
2015-02-26 7:31 ` Stefan Beller
2015-02-26 10:15 ` Duy Nguyen
2015-02-26 20:08 ` Stefan Beller
[not found] ` <CACsJy8DOS_999ZgW7TqsH-dkrUFpjZf0TFQeFUt9s0bNhHY0Bw@mail.gmail.com>
2015-02-27 22:20 ` Stefan Beller
2015-02-26 20:13 ` Junio C Hamano
2015-02-27 1:26 ` Stefan Beller
2015-02-27 2:15 ` Stefan Beller
2015-02-27 23:05 ` Junio C Hamano
2015-02-27 23:44 ` Stefan Beller
2015-02-28 0:33 ` Junio C Hamano
2015-02-28 0:46 ` Stefan Beller
2015-02-28 1:01 ` [RFC/PATCH 0/5] protocol v2 for upload-pack Stefan Beller
2015-02-28 1:01 ` [RFC/PATCH 1/5] upload-pack: only accept capabilities on the first "want" line Stefan Beller
2015-02-28 1:01 ` [RFC/PATCH 2/5] upload-pack: support out of band client capability requests Stefan Beller
2015-02-28 7:47 ` Kyle J. McKay
2015-02-28 11:22 ` Duy Nguyen
2015-02-28 22:36 ` Kyle J. McKay
2015-03-01 0:11 ` Duy Nguyen
2015-02-28 11:36 ` Duy Nguyen
2015-02-28 1:01 ` [RFC/PATCH 3/5] connect.c: connect to a remote service with some flags Stefan Beller
2015-02-28 11:11 ` Torsten Bögershausen
2015-03-01 3:22 ` Junio C Hamano
2015-02-28 1:01 ` [RFC/PATCH 4/5] daemon.c: accept extra service arguments Stefan Beller
2015-03-01 3:39 ` Junio C Hamano [this message]
2015-02-28 1:01 ` [RFC/PATCH 5/5] WIP/Document the http protocol change Stefan Beller
2015-02-28 12:26 ` Duy Nguyen
2015-03-01 9:11 ` [RFC/PATCH 0/5] protocol v2 for upload-pack Johannes Sixt
2015-03-02 2:58 ` Junio C Hamano
2015-03-02 3:47 ` [RFC/PATCH 0/3] protocol v2 Junio C Hamano
2015-03-02 9:21 ` Duy Nguyen
2015-03-02 9:24 ` Duy Nguyen
2015-03-03 10:33 ` Duy Nguyen
2015-03-03 17:13 ` Junio C Hamano
2015-03-03 19:47 ` Junio C Hamano
2015-03-04 1:54 ` Duy Nguyen
2015-03-04 4:27 ` Shawn Pearce
2015-03-04 12:05 ` Duy Nguyen
2015-03-04 19:10 ` Shawn Pearce
2015-03-05 1:03 ` Stefan Beller
2015-03-05 16:03 ` Stefan Beller
2015-03-24 17:42 ` Stefan Beller
2015-03-24 18:00 ` Junio C Hamano
2015-03-06 23:38 ` [PATCH] protocol upload-pack-v2 Stefan Beller
2015-03-06 23:40 ` Stefan Beller
2015-03-06 23:55 ` Duy Nguyen
2015-03-07 0:00 ` Duy Nguyen
2015-03-07 0:28 ` Junio C Hamano
2015-03-07 4:28 ` Stefan Beller
2015-03-07 5:21 ` Duy Nguyen
2015-03-08 20:36 ` Junio C Hamano
2015-03-31 19:58 ` Junio C Hamano
2015-04-02 12:37 ` Duy Nguyen
2015-04-02 14:45 ` Junio C Hamano
2015-04-02 22:18 ` Martin Fick
2015-04-02 22:58 ` Junio C Hamano
2015-04-02 23:00 ` Stefan Beller
2015-04-02 23:14 ` Stefan Beller
2015-03-10 1:38 ` Duy Nguyen
2015-03-10 19:36 ` Kyle J. McKay
2015-02-28 0:07 ` [RFC/PATCH 0/3] protocol v2 Duy Nguyen
2015-02-28 0:26 ` Junio C Hamano
2015-03-01 8:41 ` Junio C Hamano
2015-03-01 11:32 ` Duy Nguyen
2015-03-01 19:56 ` Stefan Beller
2015-03-02 1:05 ` David Lang
2015-03-01 23:06 ` Junio C Hamano
2015-03-02 1:09 ` David Lang
2015-03-02 3:10 ` Junio C Hamano
2015-03-01 23:06 ` Philip Oakley
2015-03-02 9:32 ` Duy Nguyen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqioelgzcn.fsf@gitster.dls.corp.google.com \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=pclouds@gmail.com \
--cc=sbeller@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).