mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

skip checkRepoConfigInaccessible when git directory specified explicitly

Browse source 
Fix a reversion that prevented git-annex from working in a repository when
--git-dir or GIT_DIR is specified to relocate the git directory to
somewhere else. (Introduced in version 10.20220525)

checkRepoConfigInaccessible could still run git config --list, just passing
--git-dir. It seems not necessary, because I know that passing --git-dir
bypasses git's check for repo ownership. I suppose it might be that git
eventually changes to check something about the ownership of the working
tree, so passing --git-dir without --work-tree would still be worth doing.
But for now this is the simple fix.

Sponsored-by: Nicholas Golder-Manning on Patreon
This commit is contained in:
Joey Hess 2022-09-20 14:52:43 -04:00
parent d1467a9b8e
commit 8d26fdd670
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
6 changed files with 61 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

32
doc/bugs/When_--git-dir_is_not_in_--work-tree.mdwn
View file

@ -18,3 +18,35 @@ Simple test case:
failed
And --debug shows:
[2022-09-20 14:17:56.238686901] (Utility.Process) process [1284622] read: git ["config","--local","--list"]
[2022-09-20 14:17:56.240836887] (Utility.Process) process [1284622] done ExitFailure 128
[2022-09-20 14:17:56.24107763] (Git.Config) config output: fatal: --local can only be used inside a git repository
So passing --git-dir to that command will make it succeeed. The problem
though is that passing --git-dir to that command also bypasses git's
fix for CVE-2022-24765. The command would even succeed if the directory
were owned by someone else then.
joey@darkstar:/tmp/foo>sudo chown -R root.root .
[sudo] password for joey:
joey@darkstar:/tmp/foo>git --git-dir=`pwd`/.dotfiles config --local --list
core.repositoryformatversion=0
core.filemode=true
core.bare=false
core.logallrefupdates=true
core.worktree=/tmp/foo
joey@darkstar:/tmp/foo>git config --local --list
fatal: --local can only be used inside a git repository
But, if the user runs git-annex with an explicit --git-dir,
it's actually ok for git-annex to bypass the CVE-2022-24765 check.
Because --git-dir actually bypasses that check.
So, the fix for this seems like it will involve it remembering
when the git repo was originally specified using --git-dir (or `GIT_DIR`),
and if so, guardSafeToUseRepo can skip the check, or pass --git-dir to
`git config --local --list`.
> [[fixed|done]] --[[Joey]]