<feed xmlns='http://www.w3.org/2005/Atom'>
<title>git/setup.c, branch v2.37.4</title>
<subtitle>Mirror of https://git.kernel.org/pub/scm/git/git.git/
</subtitle>
<id>https://git.shady.money/git/atom?h=v2.37.4</id>
<link rel='self' href='https://git.shady.money/git/atom?h=v2.37.4'/>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/'/>
<updated>2022-08-26T18:13:12Z</updated>
<entry>
<title>Merge branch 'js/safe-directory-plus' into maint</title>
<updated>2022-08-26T18:13:12Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2022-08-26T18:13:12Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=10f9eab3473c568264e0f2437d7031c5bb6bb443'/>
<id>urn:sha1:10f9eab3473c568264e0f2437d7031c5bb6bb443</id>
<content type='text'>
Platform-specific code that determines if a directory is OK to use
as a repository has been taught to report more details, especially
on Windows.
source: &lt;pull.1286.v2.git.1659965270.gitgitgadget@gmail.com&gt;

* js/safe-directory-plus:
  mingw: handle a file owned by the Administrators group correctly
  mingw: be more informative when ownership check fails on FAT32
  mingw: provide details about unsafe directories' ownership
  setup: prepare for more detailed "dubious ownership" messages
  setup: fix some formatting
</content>
</entry>
<entry>
<title>setup: prepare for more detailed "dubious ownership" messages</title>
<updated>2022-08-08T16:25:40Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2022-08-08T13:27:47Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=17d3883fe9c88b823002ad9fafb42313ddc3d3d5'/>
<id>urn:sha1:17d3883fe9c88b823002ad9fafb42313ddc3d3d5</id>
<content type='text'>
When verifying the ownership of the Git directory, we sometimes would
like to say a bit more about it, e.g. when using a platform-dependent
code path (think: Windows has the permission model that is so different
from Unix'), but only when it is a appropriate to actually say
something.

To allow for that, collect that information and hand it back to the
caller (whose responsibility it is to show it or not).

Note: We do not actually fill in any platform-dependent information yet,
this commit just adds the infrastructure to be able to do so.

Based-on-an-idea-by: Junio C Hamano &lt;gitster@pobox.com&gt;
Signed-off-by: Johannes Schindelin &lt;johannes.schindelin@gmx.de&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>setup: fix some formatting</title>
<updated>2022-08-08T16:24:00Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2022-08-08T13:27:46Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=d51e1dff980b9fc87002436b6ab36120a39816b1'/>
<id>urn:sha1:d51e1dff980b9fc87002436b6ab36120a39816b1</id>
<content type='text'>
In preparation for touching code that was introduced in 3b0bf2704980
(setup: tighten ownership checks post CVE-2022-24765, 2022-05-10) and
that was formatted differently than preferred in the Git project, fix
the indentation before actually modifying the code.

Signed-off-by: Johannes Schindelin &lt;johannes.schindelin@gmx.de&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Merge branch 'cr/setup-bug-typo' into maint</title>
<updated>2022-07-27T20:19:49Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2022-07-27T20:19:49Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=c0454798ac436fa16cdd2bd1adee6054b4ea93ea'/>
<id>urn:sha1:c0454798ac436fa16cdd2bd1adee6054b4ea93ea</id>
<content type='text'>
Typofix in a BUG() message.
source: &lt;pull.1255.git.1654782920256.gitgitgadget@gmail.com&gt;

* cr/setup-bug-typo:
  setup: fix function name in a BUG() message
</content>
</entry>
<entry>
<title>Sync with Git 2.36.2</title>
<updated>2022-06-27T19:41:41Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2022-06-27T19:36:11Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=69ab3309e96279b3f323ceb1b8c2ebf670788c8e'/>
<id>urn:sha1:69ab3309e96279b3f323ceb1b8c2ebf670788c8e</id>
<content type='text'>
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Sync with 2.35.4</title>
<updated>2022-06-23T10:36:12Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2022-06-23T10:36:12Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=8f8eea8c3aba154ce1f9eaab4fa06c73b60550dc'/>
<id>urn:sha1:8f8eea8c3aba154ce1f9eaab4fa06c73b60550dc</id>
<content type='text'>
* maint-2.35:
  Git 2.35.4
  Git 2.34.4
  Git 2.33.4
  Git 2.32.3
  Git 2.31.4
  Git 2.30.5
  setup: tighten ownership checks post CVE-2022-24765
  git-compat-util: allow root to access both SUDO_UID and root owned
  t0034: add negative tests and allow git init to mostly work under sudo
  git-compat-util: avoid failing dir ownership checks if running privileged
  t: regression git needs safe.directory when using sudo
</content>
</entry>
<entry>
<title>Sync with 2.34.4</title>
<updated>2022-06-23T10:36:03Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2022-06-23T10:36:03Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=aef3d5948c5b00a0409e117da7e720f574040505'/>
<id>urn:sha1:aef3d5948c5b00a0409e117da7e720f574040505</id>
<content type='text'>
* maint-2.34:
  Git 2.34.4
  Git 2.33.4
  Git 2.32.3
  Git 2.31.4
  Git 2.30.5
  setup: tighten ownership checks post CVE-2022-24765
  git-compat-util: allow root to access both SUDO_UID and root owned
  t0034: add negative tests and allow git init to mostly work under sudo
  git-compat-util: avoid failing dir ownership checks if running privileged
  t: regression git needs safe.directory when using sudo
</content>
</entry>
<entry>
<title>Sync with 2.32.3</title>
<updated>2022-06-23T10:35:38Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2022-06-23T10:35:38Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=eebfde3f213e2990727a64da0d7d04ad961a28b0'/>
<id>urn:sha1:eebfde3f213e2990727a64da0d7d04ad961a28b0</id>
<content type='text'>
* maint-2.32:
  Git 2.32.3
  Git 2.31.4
  Git 2.30.5
  setup: tighten ownership checks post CVE-2022-24765
  git-compat-util: allow root to access both SUDO_UID and root owned
  t0034: add negative tests and allow git init to mostly work under sudo
  git-compat-util: avoid failing dir ownership checks if running privileged
  t: regression git needs safe.directory when using sudo
</content>
</entry>
<entry>
<title>Sync with 2.31.4</title>
<updated>2022-06-23T10:35:30Z</updated>
<author>
<name>Johannes Schindelin</name>
<email>johannes.schindelin@gmx.de</email>
</author>
<published>2022-06-23T10:35:30Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=fc0c773028685cdbae35c6c71f3fd3b87ab70985'/>
<id>urn:sha1:fc0c773028685cdbae35c6c71f3fd3b87ab70985</id>
<content type='text'>
* maint-2.31:
  Git 2.31.4
  Git 2.30.5
  setup: tighten ownership checks post CVE-2022-24765
  git-compat-util: allow root to access both SUDO_UID and root owned
  t0034: add negative tests and allow git init to mostly work under sudo
  git-compat-util: avoid failing dir ownership checks if running privileged
  t: regression git needs safe.directory when using sudo
</content>
</entry>
<entry>
<title>setup: tighten ownership checks post CVE-2022-24765</title>
<updated>2022-06-23T10:31:05Z</updated>
<author>
<name>Carlo Marcelo Arenas Belón</name>
<email>carenas@gmail.com</email>
</author>
<published>2022-05-10T19:35:29Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=3b0bf2704980b1ed6018622bdf5377ec22289688'/>
<id>urn:sha1:3b0bf2704980b1ed6018622bdf5377ec22289688</id>
<content type='text'>
8959555cee7 (setup_git_directory(): add an owner check for the top-level
directory, 2022-03-02), adds a function to check for ownership of
repositories using a directory that is representative of it, and ways to
add exempt a specific repository from said check if needed, but that
check didn't account for owership of the gitdir, or (when used) the
gitfile that points to that gitdir.

An attacker could create a git repository in a directory that they can
write into but that is owned by the victim to work around the fix that
was introduced with CVE-2022-24765 to potentially run code as the
victim.

An example that could result in privilege escalation to root in *NIX would
be to set a repository in a shared tmp directory by doing (for example):

  $ git -C /tmp init

To avoid that, extend the ensure_valid_ownership function to be able to
check for all three paths.

This will have the side effect of tripling the number of stat() calls
when a repository is detected, but the effect is expected to be likely
minimal, as it is done only once during the directory walk in which Git
looks for a repository.

Additionally make sure to resolve the gitfile (if one was used) to find
the relevant gitdir for checking.

While at it change the message printed on failure so it is clear we are
referring to the repository by its worktree (or gitdir if it is bare) and
not to a specific directory.

Helped-by: Junio C Hamano &lt;junio@pobox.com&gt;
Helped-by: Johannes Schindelin &lt;Johannes.Schindelin@gmx.de&gt;
Signed-off-by: Carlo Marcelo Arenas Belón &lt;carenas@gmail.com&gt;
</content>
</entry>
</feed>
