mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

set safe.directory when getting config for git-annex-shell or git remotes

Browse source 
Fix more breakage caused by git's fix for CVE-2022-24765, this time
involving a remote (either local or ssh) that is a repository not owned by
the current user.

Sponsored-by: Dartmouth College's DANDI project
This commit is contained in:
Joey Hess 2023-09-07 14:36:16 -04:00
parent 32cb2bd3fa
commit cbfd214993
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
10 changed files with 75 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
doc/bugs/enableremote_fails_with___34__wrong_reason__34___stated.mdwn
View file

@ -42,3 +42,5 @@ so, ideally `git annex enableremote` should provide a similar diagnostic output
[[!tag projects/dandi]]
```
> [[fixed|done]] --[[Joey]]

24
doc/bugs/enableremote_fails_with___34__wrong_reason__34___stated/comment_1_c23de4c4ff536a214c795a805957c9f1._comment Normal file
View file

@ -0,0 +1,24 @@
[[!comment format=mdwn
username="joey"
subject="""comment 1"""
date="2023-09-07T17:01:41Z"
content="""
I wonder if it even makes sense for git-annex-shell to replicate this git
security check, or would it be better for it to instruct git to trust the
repository, so it can be used on it?
git's CVE-2022-24765 involves a malicious creation of a .git repository
above the victim's cwd, with a .git/config that causes things like eg shell
prompts that run git to execute attacker-controlled commands.
git-annex-shell commands all take the directory that the repository is
in, and uses that repository. So it doesn't traverse above looking for
other .git directories.
And, `git clone` will happily clone a remote repsository that's owned
by another user, including over ssh. And pull and push etc work with such a
remote. So git-annex-shell should too.
(For that matter, other git-annex-shell commands do work, it's only the
command that reads the git config that fails to work.)
"""]]

13
doc/bugs/enableremote_fails_with___34__wrong_reason__34___stated/comment_2_c75d3a033b1b8699e512df4641a38548._comment Normal file
View file

@ -0,0 +1,13 @@
[[!comment format=mdwn
username="joey"
subject="""comment 2"""
date="2023-09-07T18:21:30Z"
content="""
Closely related, when a local repo is owned by someone else, cloning it and
using it as a git-annex remote also fails, at the same config listing
stage.
I think the same reasoning applies to that, the path to the repo is
explicitly specified in the remote url, so it should treat it as a safe
repo for the purposes of listing its config.
"""]]

8
doc/bugs/enableremote_fails_with___34__wrong_reason__34___stated/comment_3_39e13618336181485175dddc7185160a._comment Normal file
View file

@ -0,0 +1,8 @@
[[!comment format=mdwn
username="joey"
subject="""comment 3"""
date="2023-09-07T18:32:57Z"
content="""
Basically the same fix works for both the ssh remote and the local
remote cases.
"""]]