git/Documentation, branch v2.34.2

Git 2.34.2

2022-03-23T23:31:36Z

Signed-off-by: Johannes Schindelin

Sync with 2.33.2

2022-03-23T23:31:36Z

* maint-2.33: Git 2.33.2 Git 2.32.1 Git 2.31.2 GIT-VERSION-GEN: bump to v2.33.1 Git 2.30.3 setup_git_directory(): add an owner check for the top-level directory Add a function to determine whether a path is owned by the current user

Git 2.33.2

2022-03-23T23:31:32Z

Signed-off-by: Johannes Schindelin

Sync with 2.32.1

2022-03-23T23:31:32Z

* maint-2.32: Git 2.32.1 Git 2.31.2 Git 2.30.3 setup_git_directory(): add an owner check for the top-level directory Add a function to determine whether a path is owned by the current user

Git 2.32.1

2022-03-23T23:31:29Z

Signed-off-by: Johannes Schindelin

Sync with 2.31.2

2022-03-23T23:31:28Z

* maint-2.31: Git 2.31.2 Git 2.30.3 setup_git_directory(): add an owner check for the top-level directory Add a function to determine whether a path is owned by the current user

Git 2.31.2

2022-03-23T23:24:29Z

Signed-off-by: Johannes Schindelin

Sync with 2.30.3

2022-03-23T23:24:29Z

* maint-2.30: Git 2.30.3 setup_git_directory(): add an owner check for the top-level directory Add a function to determine whether a path is owned by the current user

Git 2.30.3

2022-03-23T23:22:17Z

Signed-off-by: Johannes Schindelin

setup_git_directory(): add an owner check for the top-level directory

2022-03-21T12:16:26Z

It poses a security risk to search for a git directory outside of the directories owned by the current user. For example, it is common e.g. in computer pools of educational institutes to have a "scratch" space: a mounted disk with plenty of space that is regularly swiped where any authenticated user can create a directory to do their work. Merely navigating to such a space with a Git-enabled `PS1` when there is a maliciously-crafted `/scratch/.git/` can lead to a compromised account. The same holds true in multi-user setups running Windows, as `C:\` is writable to every authenticated user by default. To plug this vulnerability, we stop Git from accepting top-level directories owned by someone other than the current user. We avoid looking at the ownership of each and every directories between the current and the top-level one (if there are any between) to avoid introducing a performance bottleneck. This new default behavior is obviously incompatible with the concept of shared repositories, where we expect the top-level directory to be owned by only one of its legitimate users. To re-enable that use case, we add support for adding exceptions from the new default behavior via the config setting `safe.directory`. The `safe.directory` config setting is only respected in the system and global configs, not from repository configs or via the command-line, and can have multiple values to allow for multiple shared repositories. We are particularly careful to provide a helpful message to any user trying to use a shared repository. Signed-off-by: Johannes Schindelin