From patchwork Thu Apr 28 10:58:50 2022
X-Patchwork-Submitter: Carlo Marcelo Arenas Belón
X-Patchwork-Id: 12830477
From: Carlo Marcelo Arenas Belón
To: git@vger.kernel.org
Cc: gitster@pobox.com, Carlo Marcelo Arenas Belón, Guy Maurel, SZEDER Gábor, Randall Becker, Phillip Wood, Johannes Schindelin
Subject: [PATCH v2 1/3] git-compat-util: avoid failing dir ownership checks if running privileged
Date: Thu, 28 Apr 2022 03:58:50 -0700
Message-Id: <20220428105852.94449-2-carenas@gmail.com>
X-Mailer: git-send-email 2.36.0.352.g0cd7feaf86f
In-Reply-To: <20220428105852.94449-1-carenas@gmail.com>
References: <20220428033544.68188-1-carenas@gmail.com> <20220428105852.94449-1-carenas@gmail.com>

bdc77d1d685 (Add a function to determine whether a path is owned by the
current user, 2022-03-02) checks for the effective uid of the running
process using geteuid() but didn't account for cases where that user was
root (because git was invoked through sudo or a compatible tool) and the
original uid that repository trusted for its config was no longer known,
therefore failing the following otherwise safe call:

  guy@renard ~/Software/uncrustify $ sudo git describe --always --dirty
  [sudo] password for guy:
  fatal: unsafe repository ('/home/guy/Software/uncrustify' is owned by someone else)

Attempt to detect those cases by using the environment variables that
those tools create to keep track of the original user id, and do the
ownership check using that instead.

This assumes the environment the user is running with after going
privileged can't be tampered with, and also does the check only for
root to keep the most common case less complicated, but as a side effect
will miss cases where sudo (or an equivalent) was used to change to
another unprivileged user or where the equivalent tool used to raise
privileges didn't track the original id in a sudo compatible way.

Reported-by: Guy Maurel
Helped-by: SZEDER Gábor
Helped-by: Randall Becker
Helped-by: Phillip Wood
Suggested-by: Johannes Schindelin
Signed-off-by: Carlo Marcelo Arenas Belón
Signed-off-by: Junio C Hamano
---
 git-compat-util.h | 40 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/git-compat-util.h b/git-compat-util.h index 63ba89dd31d..dfdd3e4f81a 100644 --- a/git-compat-util.h +++ b/git-compat-util.h
@@ -393,12 +393,50 @@ static inline int git_offset_1st_component(const char *path) #endif #ifndef is_path_owned_by_current_user + +#ifdef __TANDEM +#define ROOT_UID 65535 +#else +#define ROOT_UID 0 +#endif + +/* + * this helper function overrides a ROOT_UID with the one provided by + * an environment variable, do not use unless the original user is + * root + */ +static inline void extract_id_from_env(const char *env, uid_t *id) +{ + const char *real_uid = getenv(env); + + /* discard any empty values */ + if (real_uid && *real_uid) { + char *endptr; + unsigned long env_id; + int saved_errno = errno; + + errno = 0; + env_id = strtoul(real_uid, &endptr, 10); + if (!errno && !*endptr && env_id <= (uid_t)-1) + *id = env_id; + + errno = saved_errno; + } +} + static inline int is_path_owned_by_current_uid(const char *path) { struct stat st; + uid_t euid; + if (lstat(path, &st)) return 0; - return st.st_uid == geteuid(); + + euid = geteuid(); + if (euid == ROOT_UID) + extract_id_from_env("SUDO_UID", &euid); + + return st.st_uid == euid; } #define is_path_owned_by_current_user is_path_owned_by_current_uid From patchwork Thu Apr 28 10:58:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Carlo_Marcelo_Arenas_Bel=C3=B3n?= X-Patchwork-Id: 12830478 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 55BFCC433F5 for ; Thu, 28 Apr 2022 11:00:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345087AbiD1LDM (ORCPT ); Thu, 28 Apr 2022 07:03:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48662 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345171AbiD1LCx (ORCPT ); Thu, 28 Apr 2022 07:02:53 -0400 Received: from 
From: Carlo Marcelo Arenas Belón
To: git@vger.kernel.org
Cc: gitster@pobox.com, Carlo Marcelo Arenas Belón
Subject: [PATCH v2 2/3] Documentation: explain how safe.directory works when running under sudo
Date: Thu, 28 Apr 2022 03:58:51 -0700
Message-Id: <20220428105852.94449-3-carenas@gmail.com>
X-Mailer: git-send-email 2.36.0.352.g0cd7feaf86f
In-Reply-To: <20220428105852.94449-1-carenas@gmail.com>
References: <20220428033544.68188-1-carenas@gmail.com> <20220428105852.94449-1-carenas@gmail.com>

In a previous patch, the behavior of git was changed so it will be able
to find the "effective uid" that is required when git was invoked with
sudo to root, for example the internal calls made to git when calling
the following in git's own repository:

  $ sudo make install

Signed-off-by: Carlo Marcelo Arenas Belón
Signed-off-by: Junio C Hamano
---
 Documentation/config/safe.txt | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/Documentation/config/safe.txt b/Documentation/config/safe.txt index 6d764fe0ccf..ee558ced8c7 100644 --- a/Documentation/config/safe.txt +++ b/Documentation/config/safe.txt
@@ -26,3 +26,12 @@ directory was listed in the `safe.directory` list. If `safe.directory=*` is set in system config and you want to re-enable this protection, then initialize your list with an empty value before listing the repositories that you deem safe. ++ +When git tries to check for ownership of git repositories, it will +obviously do so with the uid of the user that is running git itself, +but if git is running as root, it will check first if it might have +been started through `sudo`, and if that is the case, will instead +use the uid of the user that did so. +If that is not what you would prefer and want git to only trust +repositories that are owned by root instead, then you should remove +the `SUDO_UID` variable from root's environment. From patchwork Thu Apr 28 10:58:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Carlo_Marcelo_Arenas_Bel=C3=B3n?= X-Patchwork-Id: 12830480 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3829EC433EF for ; Thu, 28 Apr 2022 11:00:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345238AbiD1LDQ (ORCPT ); Thu, 28 Apr 2022 07:03:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48660 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345032AbiD1LCy (ORCPT ); Thu, 28 Apr 2022 07:02:54 -0400 Received: from mail-qv1-xf32.google.com (mail-qv1-xf32.google.com [IPv6:2607:f8b0:4864:20::f32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3DE35A2056 for ; Thu, 28 Apr 2022 03:59:06 -0700 (PDT) Received: by mail-qv1-xf32.google.com with SMTP id jt15so2912052qvb.13 for ; Thu, 28 Apr 2022 03:59:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; 
From: Carlo Marcelo Arenas Belón
To: git@vger.kernel.org
Cc: gitster@pobox.com, Carlo Marcelo Arenas Belón
Subject: [PATCH v2 3/3] t: add tests for safe.directory when running with sudo
Date: Thu, 28 Apr 2022 03:58:52 -0700
Message-Id: <20220428105852.94449-4-carenas@gmail.com>
X-Mailer: git-send-email 2.36.0.352.g0cd7feaf86f
In-Reply-To: <20220428105852.94449-1-carenas@gmail.com>
References: <20220428033544.68188-1-carenas@gmail.com> <20220428105852.94449-1-carenas@gmail.com>

In a previous commit the functionality for fixing this regression was
implemented, so add the basic infrastructure needed to run sudo and
implement some tests with it.

This new test is meant to be mainly run in CI and therefore assumes
that the system where it runs provides passwordless sudo to root and
doesn't sanitize the path.

All tests should depend on the new SUDO prerequisite which validates
that setup is available but it could also run locally, with the right
configuration and maybe making use of the sudo credential cache by
first invoking sudo, entering your password if needed, and then
invoking the test by doing:

  $ IKNOWWHATIAMDOING=YES ./t0034-root-safe-directory.sh

It is slightly awkward as it needs to run its own clean up task at the
end to remove the root owned directories and that the test framework
can't yet manage, can't use the library inside sudo and it creates its
own subtree and repositories while ignoring the one provided by the
framework, but improving that has been punted for now.

Signed-off-by: Carlo Marcelo Arenas Belón
Signed-off-by: Junio C Hamano
Reviewed-by: Junio C Hamano
---
 t/t0034-root-safe-directory.sh | 87 ++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100755 t/t0034-root-safe-directory.sh
diff --git a/t/t0034-root-safe-directory.sh b/t/t0034-root-safe-directory.sh new file mode 100755 index 00000000000..fb54a2fb851 --- /dev/null +++ b/t/t0034-root-safe-directory.sh @@ -0,0 +1,87 @@ +#!/bin/sh + +test_description='verify safe.directory checks while running as root' + +. ./test-lib.sh + +if [ "$IKNOWWHATIAMDOING" != "YES" ]; then + skip_all="You must set env var IKNOWWHATIAMDOING=YES in order to run this test" + test_done +fi + +is_root() { + test -n "$1" && CMD="sudo -n" + test $($CMD id -u) = $(id -u root) +} + +test_lazy_prereq SUDO ' + is_root sudo && + ! sudo grep -E '^[^#].*secure_path' /etc/sudoers +' + +test_lazy_prereq ROOT ' + is_root +' + +test_expect_success SUDO 'setup' ' + sudo rm -rf root && + mkdir -p root/r && + sudo chown root root && + ( + cd root/r && + git init + ) +' + +test_expect_success SUDO 'sudo git status as original owner' ' + ( + cd root/r && + git status && + sudo git status + ) +' + +test_expect_success SUDO 'setup root owned repository' ' + sudo mkdir -p root/p && + sudo git init root/p +' + +test_expect_success SUDO,!ROOT 'can access if owned by root' ' + ( + cd root/p && + test_must_fail git status + ) +' + +test_expect_success SUDO,!ROOT 'can access with sudo' ' + # fail to access using sudo + ( + # TODO: test_must_fail missing functionality + cd root/p && + ! sudo git status + ) +' + +test_expect_success SUDO 'can access with workaround' ' + # provide explicit GIT_DIR + ( + cd root/p && + sudo sh -c " + GIT_DIR=.git GIT_WORK_TREE=. git status + " + ) && + # discard SUDO_UID + ( + cd root/p && + sudo sh -c " + unset SUDO_UID && + git status + " + ) +' + +test_expect_success SUDO 'cleanup' ' + sudo rm -rf root +' + +test_done
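
Review bot: In extract_id_from_env() in git-compat-util.h (patch 1/3), the acceptance test `if (!errno && !*endptr && env_id <= (uid_t)-1)` lets through more than a plain decimal uid. strtoul() skips leading whitespace and accepts a leading '+' or '-', so a value such as "-1" is converted by wrapping instead of being rejected, and the upper bound depends on how uid_t is defined: where uid_t is a signed type, (uid_t)-1 converts to ULONG_MAX in the comparison and the check never fails, after which `*id = env_id` silently truncates. Because this value decides which owner git trusts, reject the string unless its first character is a digit, and verify the range by assigning to a uid_t and comparing the result back against env_id. A comment noting that a malformed SUDO_UID leaves euid at ROOT_UID, so that only root-owned paths pass, would document the fallback.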
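
Review bot: The paragraph added to Documentation/config/safe.txt (patch 2/3) does not say that the uid taken from `SUDO_UID` replaces root's own uid in the comparison rather than being accepted in addition to it, which is what `extract_id_from_env("SUDO_UID", &euid);` in 1/3 does. The consequence is that a repository owned by root is refused when git runs through sudo, as t0034 in 3/3 asserts with `! sudo git status`, and a reader currently has to infer that from the last sentence. State it explicitly, name the variable where the text says "started through `sudo`" since the only signal checked is a numeric `SUDO_UID` in the environment, and drop "obviously".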
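
Review bot: In t/t0034-root-safe-directory.sh (patch 3/3) the body of `test_lazy_prereq SUDO` is single-quoted but contains `grep -E '^[^#].*secure_path'`, so the inner quotes close and reopen the outer string and the pattern reaches the evaluated script unquoted, where `[^#]` and `*` are open to pathname expansion. Put the pattern in double quotes inside the body. Two smaller points in the same file: is_root() sets CMD when given an argument and never clears it, so a later `is_root` without arguments in the same shell would still go through `sudo -n` (assign it on every call); and the titles 'can access if owned by root' and 'can access with sudo' say the opposite of what their bodies assert (`test_must_fail git status` and `! sudo git status`), so rename them to describe the expected failure.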