diff options
| author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2024-03-31 00:22:41 +0100 |
|---|---|---|
| committer | Johannes Schindelin <johannes.schindelin@gmx.de> | 2024-04-17 22:30:24 +0200 |
| commit | 86cb6a3f059968d031fdf6ed49ab38a7ae00847f (patch) | |
| tree | 9dec3da0e9dbd56955d0a65f07016779986c88a3 /setup.c | |
| parent | 9e06401098f5f83fc9a69ab27e449ae746638892 (diff) | |
| parent | e8d0608944486019ea0e1ed2ed29776811a565c2 (diff) | |
| download | git-86cb6a3f059968d031fdf6ed49ab38a7ae00847f.tar.gz | |
Merge branch 'icasefs-symlink-confusion'
This topic branch fixes two vulnerabilities:
- Recursive clones on case-insensitive filesystems that support symbolic
links are susceptible to case confusion that can be exploited to
execute just-cloned code during the clone operation.
- Repositories can be configured to execute arbitrary code during local
clones. To address this, the ownership checks introduced in v2.30.3
are now extended to cover cloning local repositories.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 'setup.c')
| -rw-r--r-- | setup.c | 21 |
1 files changed, 21 insertions, 0 deletions
@@ -1165,6 +1165,27 @@ static int ensure_valid_ownership(const char *gitfile, return data.is_safe; } +void die_upon_dubious_ownership(const char *gitfile, const char *worktree, + const char *gitdir) +{ + struct strbuf report = STRBUF_INIT, quoted = STRBUF_INIT; + const char *path; + + if (ensure_valid_ownership(gitfile, worktree, gitdir, &report)) + return; + + strbuf_complete(&report, '\n'); + path = gitfile ? gitfile : gitdir; + sq_quote_buf_pretty("ed, path); + + die(_("detected dubious ownership in repository at '%s'\n" + "%s" + "To add an exception for this directory, call:\n" + "\n" + "\tgit config --global --add safe.directory %s"), + path, report.buf, quoted.buf); +} + static int allowed_bare_repo_cb(const char *key, const char *value, void *d) { enum allowed_bare_repo *allowed_bare_repo = d; |