From patchwork Wed Apr 13 15:32:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Derrick Stolee X-Patchwork-Id: 12812159 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7E001C433EF for ; Wed, 13 Apr 2022 15:32:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236546AbiDMPfB (ORCPT ); Wed, 13 Apr 2022 11:35:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33382 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234705AbiDMPe7 (ORCPT ); Wed, 13 Apr 2022 11:34:59 -0400 Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [IPv6:2a00:1450:4864:20::329]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 664ED37ABD for ; Wed, 13 Apr 2022 08:32:36 -0700 (PDT) Received: by mail-wm1-x329.google.com with SMTP id 123-20020a1c1981000000b0038b3616a71aso1408272wmz.4 for ; Wed, 13 Apr 2022 08:32:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:in-reply-to:references:from:date:subject:fcc :content-transfer-encoding:mime-version:to:cc; bh=ir+pXSsJCHvJEuBZzgumGeZkqjpPI6gnVe8nyyS4CC4=; b=at5qdLwO78fquIZ8VOpTF2nS7PqXvkpIYY0pfX7e4s8rcmW97T247sTFEUSla/D49X GgmEmsm7VDCoJGwX42mDr+OBg1UGysSkkCbj2+F0KX+2m2SKXUrB5wtVNYGLVK3wkLSY Ji21+efP3V50vgye63/dZeqPpXSEe4kSPTfMK9uNGMvVLrPrZ0VXRtTZFeU9paozP3lM wwyPnHBkNSsiQfprQGVpYCfiJKV00bjmqG0nYWLJg1zbelHwVBO0Q589tYW1OM8RB0l6 U8dVWlL0bdLUyNIiCzO2JBGHTwPIboIci3Eg43xT+qDSL25mK8DnhsQon2eSS60XNO7x 9NRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:in-reply-to:references:from:date :subject:fcc:content-transfer-encoding:mime-version:to:cc; bh=ir+pXSsJCHvJEuBZzgumGeZkqjpPI6gnVe8nyyS4CC4=; b=ch9GCljqyw9fRjlCJuDukoqDABJ2d9ZE9xj0HWk5vn/A00tueVJPKb7j7i/P6ZUQvO 4SjBtEj1PREVdDVQL6h5b3E6wr1jU+JGhiTLR5MVAlImWdFve1Bs/TkBLtQXXHD8xpfw Baaht4DOwdprRPp0bQxMFM02yNE/bZ6HShauZ5vKCkZh9gEzuIKOE6KvdHD0bKSHF9S+ xsGe6iVbvi68vj+pfipGCsvxa2XLm/qoymhQC6apR87FVp5rCZ9al81r6rGkv/gUb705 1BRbOlOxU9Jesz3LYBlGY5Xt7Y6BVhID/UvAlupF6C0h23CfCm3YoB34tnzaBznyadPq wHvA== X-Gm-Message-State: AOAM532uJe6JMxoxanoZ3M5IZE1N+E/ynrTo5zMAZNMVENFI+3X4Ns5c P2PJsbfbGfUwNfe916Ny27/iPk3f0hI= X-Google-Smtp-Source: ABdhPJx8BWJuER5Rqq+qebiuw0YaWnTAKbcVpsm3L9l7rbYRaEGIrMyjfA7OrlWFRbSYa49GRFTqNw== X-Received: by 2002:a05:600c:1e08:b0:38e:c0e4:e500 with SMTP id ay8-20020a05600c1e0800b0038ec0e4e500mr9305237wmb.28.1649863954615; Wed, 13 Apr 2022 08:32:34 -0700 (PDT) Received: from [127.0.0.1] ([13.74.141.28]) by smtp.gmail.com with ESMTPSA id v26-20020a1cf71a000000b0038ea373273bsm2691403wmh.47.2022.04.13.08.32.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Apr 2022 08:32:34 -0700 (PDT) Message-Id: <5b18bd1852d673ab5c62a67f873987d74294cd70.1649863951.git.gitgitgadget@gmail.com> In-Reply-To: References: Date: Wed, 13 Apr 2022 15:32:29 +0000 Subject: [PATCH 1/3] t0033: add tests for safe.directory Fcc: Sent MIME-Version: 1.0 To: git@vger.kernel.org Cc: gitster@pobox.com, me@ttaylorr.com, johannes.schindelin@gmx.de, Derrick Stolee , Derrick Stolee Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org From: Derrick Stolee From: Derrick Stolee It is difficult to change the ownership on a directory in our test suite, so insert a new GIT_TEST_ASSUME_DIFFERENT_OWNER environment variable to trick Git into thinking we are in a differently-owned directory. This allows us to test that the config is parsed correctly. Signed-off-by: Derrick Stolee --- setup.c | 3 ++- t/t0033-safe-directory.sh | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100755 t/t0033-safe-directory.sh diff --git a/setup.c b/setup.c index c8f67bfed52..f54f449008a 100644 --- a/setup.c +++ b/setup.c @@ -1119,7 +1119,8 @@ static int ensure_valid_ownership(const char *path) { struct safe_directory_data data = { .path = path }; - if (is_path_owned_by_current_user(path)) + if (is_path_owned_by_current_user(path) && + !git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0)) return 1; read_very_early_config(safe_directory_cb, &data); diff --git a/t/t0033-safe-directory.sh b/t/t0033-safe-directory.sh new file mode 100755 index 00000000000..9380ff3d017 --- /dev/null +++ b/t/t0033-safe-directory.sh @@ -0,0 +1,34 @@ +#!/bin/sh + +test_description='verify safe.directory checks' + +. ./test-lib.sh + +GIT_TEST_ASSUME_DIFFERENT_OWNER=1 +export GIT_TEST_ASSUME_DIFFERENT_OWNER + +expect_rejected_dir () { + test_must_fail git status 2>err && + grep "safe.directory" err +} + +test_expect_success 'safe.directory is not set' ' + expect_rejected_dir +' + +test_expect_success 'safe.directory does not match' ' + git config --global safe.directory bogus && + expect_rejected_dir +' + +test_expect_success 'safe.directory matches' ' + git config --global --add safe.directory "$(pwd)" && + git status +' + +test_expect_success 'safe.directory matches, but is reset' ' + git config --global --add safe.directory "" && + expect_rejected_dir +' + +test_done From patchwork Wed Apr 13 15:32:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matheus Valadares X-Patchwork-Id: 12812160 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 40B20C433FE for ; Wed, 13 Apr 2022 15:32:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236556AbiDMPfD (ORCPT ); Wed, 13 Apr 2022 11:35:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33386 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231396AbiDMPe7 (ORCPT ); Wed, 13 Apr 2022 11:34:59 -0400 Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com [IPv6:2a00:1450:4864:20::32e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 681E137A2B for ; Wed, 13 Apr 2022 08:32:37 -0700 (PDT) Received: by mail-wm1-x32e.google.com with SMTP id r133-20020a1c448b000000b0038ccb70e239so4205982wma.3 for ; Wed, 13 Apr 2022 08:32:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:in-reply-to:references:from:date:subject:fcc :content-transfer-encoding:mime-version:to:cc; bh=5ji0NAditMXl5ctb46aPe6cOYJYjiihFfAaIH+FVMaQ=; b=llUta0KPIGOPM2eByHYhTEGsRJOdTgyCK/f5mg/4kvLFD3jxIXh+LKB08no3NPXLVT /7ANuOT9IenP2EjG5z2DPGY9RIrRGMll0EaUqZgLrJK7nhvqf6a4znrqJfMQiNARX1Hp mgEIe1DWEzpQXVgLai8sLLopUi9dKGDkVi4zUQeP/dgFIalDyUd/5PVMKFpx4ZmsTZcF RC8UaPZdDAs+7ckjX/4Q5LBDCX8QoDU8Kk5PKKZPW3thREGZCfNjjXGFC5lHImWmKGCy S78Y+j8mWZ5CHxO9pK/nnc5TdG4mwx5Wuc5s/Kxlip0tT4clapDIFpx0SGsDNLhFDOKD zugA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:in-reply-to:references:from:date :subject:fcc:content-transfer-encoding:mime-version:to:cc; bh=5ji0NAditMXl5ctb46aPe6cOYJYjiihFfAaIH+FVMaQ=; b=B/WkIujfjSmAjWlgSRqGBdyDLxrpW26ef/gDvsBMwjZ4aYx4GJHXOfgxcbYHueVAv2 6+wrFV7K8hoTizYEat44yn+r5G0f1ymDlxCfP8PsxAGihKfOhRdf8uxBU6B5BBaSVUw7 9gf+fqe1iIfURK19z6ur4LBfjqYXkiBKmGzw9VTmP8IrXId97/yvhMVKLSWQkSo8380q mzQBvElQ7rqp0zLHa1h0tXlf/tCso1ftup7V8ME96RmwiXz5Ypt8bE17Co+m4ms8/Tgv /wB5wxOizQsw9r5BtrSiBpJ5ppjRelC+LZ0Arl//rb8VjerxsQ94YzbkEwuVIz55bDKh U8/A== X-Gm-Message-State: AOAM530jVmEhEc5D2of2aw1qmWQtatMDl8ha2pTyHJf+YmsroSc2n1X1 dBfsUV4wbkPcO/aNpV32KLXHm5HoF10= X-Google-Smtp-Source: ABdhPJw1AviMMeSSy77rE142PA4lE2g/Q6vFB2K4eG9CdsXFHnJJUT5G7zER2E32ZnI+sfWdWXWEoA== X-Received: by 2002:a05:600c:3c8d:b0:38e:4bc6:abde with SMTP id bg13-20020a05600c3c8d00b0038e4bc6abdemr8884801wmb.13.1649863955763; Wed, 13 Apr 2022 08:32:35 -0700 (PDT) Received: from [127.0.0.1] ([13.74.141.28]) by smtp.gmail.com with ESMTPSA id f186-20020a1c38c3000000b0038ea84ab7desm2745064wma.45.2022.04.13.08.32.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Apr 2022 08:32:35 -0700 (PDT) Message-Id: <8a06688c121195f21472e3e49efd2b034b1537fc.1649863951.git.gitgitgadget@gmail.com> In-Reply-To: References: Date: Wed, 13 Apr 2022 15:32:30 +0000 Subject: [PATCH 2/3] setup: fix safe.directory key not being checked Fcc: Sent MIME-Version: 1.0 To: git@vger.kernel.org Cc: gitster@pobox.com, me@ttaylorr.com, johannes.schindelin@gmx.de, Derrick Stolee , Matheus Valadares Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org From: Matheus Valadares From: Matheus Valadares It seems that nothing is ever checking to make sure the safe directories in the configs actually have the key safe.directory, so some unrelated config that has a value with a certain directory would also make it a safe directory. Signed-off-by: Matheus Valadares Signed-off-by: Derrick Stolee --- setup.c | 3 +++ t/t0033-safe-directory.sh | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/setup.c b/setup.c index f54f449008a..a995c359c32 100644 --- a/setup.c +++ b/setup.c @@ -1100,6 +1100,9 @@ static int safe_directory_cb(const char *key, const char *value, void *d) { struct safe_directory_data *data = d; + if (strcmp(key, "safe.directory")) + return 0; + if (!value || !*value) data->is_safe = 0; else { diff --git a/t/t0033-safe-directory.sh b/t/t0033-safe-directory.sh index 9380ff3d017..6f33c0dfefa 100755 --- a/t/t0033-safe-directory.sh +++ b/t/t0033-safe-directory.sh @@ -21,6 +21,11 @@ test_expect_success 'safe.directory does not match' ' expect_rejected_dir ' +test_expect_success 'path exist as different key' ' + git config --global foo.bar "$(pwd)" && + expect_rejected_dir +' + test_expect_success 'safe.directory matches' ' git config --global --add safe.directory "$(pwd)" && git status From patchwork Wed Apr 13 15:32:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Derrick Stolee X-Patchwork-Id: 12812161 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F0FB6C433FE for ; Wed, 13 Apr 2022 15:32:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234917AbiDMPfK (ORCPT ); Wed, 13 Apr 2022 11:35:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33424 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236195AbiDMPfA (ORCPT ); Wed, 13 Apr 2022 11:35:00 -0400 Received: from mail-wr1-x433.google.com (mail-wr1-x433.google.com [IPv6:2a00:1450:4864:20::433]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C40E037A9C for ; Wed, 13 Apr 2022 08:32:38 -0700 (PDT) Received: by mail-wr1-x433.google.com with SMTP id e21so3170538wrc.8 for ; Wed, 13 Apr 2022 08:32:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:in-reply-to:references:from:date:subject:fcc :content-transfer-encoding:mime-version:to:cc; bh=BLQDAXhmfUzAR0ogh5Jsr/0CeMLVX5Pa2WvZyIdyeFk=; b=MPOurEe9xcsnxSP+Uam33/L+OlaWebtfiFNU9wvmRpaMdyDyzvOADHCvMm76ODA++k rZ2UQOqtzzoPROQMnVDk0ZBaJkDRXHmTEzgQ99TLRHCfg31jxNuEieHLm983axj19WOV 9Wqcv/9Y2s9kD+3e3Q/77z4+qnIkDMpcJinxjtw5WaR0mhHobx+gDqEFOqPtICgPx+aW wPWlIv1hPfqGbd1Imy1JJY2GL3TdH47E0OD7gGU9lI6EwmVZSror66AYc8ZEbuo52oyo 2op6pv+58WDQEVM8TdUKza4DU/mm3Tw6iZRE88OOvwv5/SuZjqyRjZPJLWMWEEP6KQhk 6t8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:in-reply-to:references:from:date :subject:fcc:content-transfer-encoding:mime-version:to:cc; bh=BLQDAXhmfUzAR0ogh5Jsr/0CeMLVX5Pa2WvZyIdyeFk=; b=4xKUhFQGuhAGWIVvMSICWm1gBEOVCxbEYy761x6imuIeMTQK/xGGedkiVwNGWcZTvT 8PmUAIQvkfRpFPf0TJA1KPJ4fozjqIeIYN18OqL4xhYayFdJpk5Y++hOW6zqvDmwFzdF hEPsRi/agT2UAslBME6nnZ8qrx/4NfLA8I6jhkzSOlhJlCdmnR9SPsnRi9BKgDBW4Htv tkJOgTp8v8Ly2XPU6StStxgzkghwF5bHUPC/DJRsOg+xxqBaj9yi+PhwtvHc0dT0dDLL 6V+iyiO81h4lyiDvCJnVit4qBC8C+WrNWxKNAv6osqeGCNvf5GOF+tjx3wh3GD11fkZw 5hng== X-Gm-Message-State: AOAM533ji1E9tR6tWSQp4S7bgY0uIVUUlfGy8N51ihLbkSXWlr+6S/Jo KrkdC4LmMi6mwoH2hseA+7OobjX2Y6s= X-Google-Smtp-Source: ABdhPJwOOIs5q4FVX+y/fQ84KYPAULnWOuU1kO6HRhSSL+iDn0z4MfDd/2zAoZyJgQxNQLzDMdN5nA== X-Received: by 2002:a5d:591c:0:b0:207:a060:426c with SMTP id v28-20020a5d591c000000b00207a060426cmr16850813wrd.305.1649863956918; Wed, 13 Apr 2022 08:32:36 -0700 (PDT) Received: from [127.0.0.1] ([13.74.141.28]) by smtp.gmail.com with ESMTPSA id b1-20020adfd1c1000000b002058537af75sm33780482wrd.104.2022.04.13.08.32.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Apr 2022 08:32:36 -0700 (PDT) Message-Id: In-Reply-To: References: Date: Wed, 13 Apr 2022 15:32:31 +0000 Subject: [PATCH 3/3] setup: opt-out of check with safe.directory=* Fcc: Sent MIME-Version: 1.0 To: git@vger.kernel.org Cc: gitster@pobox.com, me@ttaylorr.com, johannes.schindelin@gmx.de, Derrick Stolee , Derrick Stolee Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org From: Derrick Stolee From: Derrick Stolee With the addition of the safe.directory in 8959555ce (setup_git_directory(): add an owner check for the top-level directory, 2022-03-02) released in v2.35.2, we are receiving feedback from a variety of users about the feature. Some users have a very large list of shared repositories and find it cumbersome to add this config for every one of them. In a more difficult case, certain workflows involve running Git commands within containers. The container boundary prevents any global or system config from communicating `safe.directory` values from the host into the container. Further, the container almost always runs as a different user than the owner of the directory in the host. To simplify the reactions necessary for these users, extend the definition of the safe.directory config value to include a possible '*' value. This value implies that all directories are safe, providing a single setting to opt-out of this protection. Note that an empty assignment of safe.directory clears all previous values, and this is already the case with the "if (!value || !*value)" condition. Signed-off-by: Derrick Stolee --- Documentation/config/safe.txt | 7 +++++++ setup.c | 6 ++++-- t/t0033-safe-directory.sh | 10 ++++++++++ 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/Documentation/config/safe.txt b/Documentation/config/safe.txt index 63597b2df8f..6d764fe0ccf 100644 --- a/Documentation/config/safe.txt +++ b/Documentation/config/safe.txt @@ -19,3 +19,10 @@ line option `-c safe.directory=`. The value of this setting is interpolated, i.e. `~/` expands to a path relative to the home directory and `%(prefix)/` expands to a path relative to Git's (runtime) prefix. ++ +To completely opt-out of this security check, set `safe.directory` to the +string `*`. This will allow all repositories to be treated as if their +directory was listed in the `safe.directory` list. If `safe.directory=*` +is set in system config and you want to re-enable this protection, then +initialize your list with an empty value before listing the repositories +that you deem safe. diff --git a/setup.c b/setup.c index a995c359c32..a42b21307f7 100644 --- a/setup.c +++ b/setup.c @@ -1103,9 +1103,11 @@ static int safe_directory_cb(const char *key, const char *value, void *d) if (strcmp(key, "safe.directory")) return 0; - if (!value || !*value) + if (!value || !*value) { data->is_safe = 0; - else { + } else if (!strcmp(value, "*")) { + data->is_safe = 1; + } else { const char *interpolated = NULL; if (!git_config_pathname(&interpolated, key, value) && diff --git a/t/t0033-safe-directory.sh b/t/t0033-safe-directory.sh index 6f33c0dfefa..239d93f4d21 100755 --- a/t/t0033-safe-directory.sh +++ b/t/t0033-safe-directory.sh @@ -36,4 +36,14 @@ test_expect_success 'safe.directory matches, but is reset' ' expect_rejected_dir ' +test_expect_success 'safe.directory=*' ' + git config --global --add safe.directory "*" && + git status +' + +test_expect_success 'safe.directory=*, but is reset' ' + git config --global --add safe.directory "" && + expect_rejected_dir +' + test_done