git.ipfire.org Git - thirdparty/git.git/commit

author	Kyle Lippincott <spectral@google.com>
	Sat, 20 Jan 2024 00:08:22 +0000 (00:08 +0000)
committer	Junio C Hamano <gitster@pobox.com>
	Sat, 20 Jan 2024 22:11:49 +0000 (14:11 -0800)
commit	45bb91624804d3e3a70cfc1ba0eae5577f81fc38
tree	318b9e0ddad9816c8548b55fc049b22fe5e9b6eb	tree \| snapshot
parent	564d0252ca632e0264ed670534a51d18a689ef5d	commit \| diff

setup: allow cwd=.git w/ bareRepository=explicit

The safe.bareRepository setting can be set to 'explicit' to disallow
implicit uses of bare repositories, preventing an attack [1] where an
artificial and malicious bare repository is embedded in another git
repository. Unfortunately, some tooling uses myrepo/.git/ as the cwd
when executing commands, and this is blocked when
safe.bareRepository=explicit. Blocking is unnecessary, as git already
prevents nested .git directories.

Teach git to not reject uses of git inside of the .git directory: check
if cwd is .git (or a subdirectory of it) and allow it even if
safe.bareRepository=explicit.

[1] https://github.com/justinsteven/advisories/blob/main/2022_git_buried_bare_repos_and_fsmonitor_various_abuses.md

Signed-off-by: Kyle Lippincott <spectral@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

setup.c		diff \| blob \| blame \| history
t/t0035-safe-bare-repository.sh		diff \| blob \| blame \| history