From: Taylor Blau <me@ttaylorr.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: Glen Choo <chooglen@google.com>,
git@vger.kernel.org, Emily Shaffer <emilyshaffer@google.com>,
justin@justinsteven.com, martinvonz@google.com,
"brian m. carlson" <sandals@crustytoothpaste.net>
Subject: Re: Bare repositories in the working tree are a security risk
Date: Fri, 15 Apr 2022 20:52:16 -0400 [thread overview]
Message-ID: <YloTQH35r2xVdPm1@nand.local> (raw)
In-Reply-To: <xmqqk0bqat4d.fsf@gitster.g>
On Fri, Apr 15, 2022 at 03:17:54PM -0700, Junio C Hamano wrote:
> What worries me more is the effect on _other_ people's server
> implementations ("server", because that is one major class of use
> case of bare repositories). Essentially they need to identify the
> places where they depend on the current behaviour (i.e. going to the
> bare repository is enough to use it) and export GIT_DIR=. when they
> invoke "git" there. The actual change that is necessary might be
> small, but identifying the places that need such changes may be
> added burden to them.
I'm definitely biased here, but I think that this is probably too big of
a burden to place on forge administrators.
Every repository on GitHub (and I suspect GitLab, too) is written as a
bare repository on disk, and so having to inject `GIT_DIR=.` into every
git invocation, while doable, seems like an unnecessary pain to impose.
I suppose you could hide this behavior behind an opt-in configuration
setting, e.g., `core.bareDiscovery` which determines whether or not we
will try to discover bare repositories without `GIT_DIR` in the
environment. That setting could default to true to avoid breaking
existing use-cases.
But I think that's just masking the overall pain that this approach
would incur, without providing much protection, so I wouldn't be unhappy
to see us pursue a different approach here.
Thanks,
Taylor
next prev parent reply other threads:[~2022-04-16 2:06 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-06 22:43 Bare repositories in the working tree are a security risk Glen Choo
2022-04-06 23:22 ` [PATCH] fsck: detect bare repos in trees and warn Glen Choo
2022-04-07 12:42 ` Johannes Schindelin
2022-04-07 13:21 ` Derrick Stolee
2022-04-07 14:14 ` Ævar Arnfjörð Bjarmason
2022-04-14 20:02 ` Glen Choo
2022-04-15 12:46 ` Ævar Arnfjörð Bjarmason
2022-04-07 15:11 ` Junio C Hamano
2022-04-13 22:24 ` Glen Choo
2022-04-07 13:12 ` Ævar Arnfjörð Bjarmason
2022-04-07 15:20 ` Junio C Hamano
2022-04-07 18:38 ` Bare repositories in the working tree are a security risk John Cai
2022-04-07 21:24 ` brian m. carlson
2022-04-07 21:53 ` Justin Steven
2022-04-07 22:10 ` brian m. carlson
2022-04-07 22:40 ` rsbecker
2022-04-08 5:54 ` Junio C Hamano
2022-04-14 0:03 ` Junio C Hamano
2022-04-14 0:04 ` Glen Choo
2022-04-13 23:44 ` Glen Choo
2022-04-13 20:37 ` Glen Choo
2022-04-13 23:36 ` Junio C Hamano
2022-04-14 16:41 ` Glen Choo
2022-04-14 17:35 ` Junio C Hamano
2022-04-14 18:19 ` Junio C Hamano
2022-04-15 21:33 ` Glen Choo
2022-04-15 22:17 ` Junio C Hamano
2022-04-16 0:52 ` Taylor Blau [this message]
2022-04-15 22:43 ` Glen Choo
2022-04-15 20:13 ` Junio C Hamano
2022-04-15 23:45 ` Glen Choo
2022-04-15 23:59 ` Glen Choo
2022-04-16 1:00 ` Taylor Blau
2022-04-16 1:18 ` Junio C Hamano
2022-04-16 1:30 ` Taylor Blau
2022-04-16 0:34 ` Glen Choo
2022-04-16 0:41 ` Glen Choo
2022-04-16 1:28 ` Taylor Blau
2022-04-21 18:25 ` Emily Shaffer
2022-04-21 18:29 ` Emily Shaffer
2022-04-21 18:47 ` Junio C Hamano
2022-04-21 18:54 ` Taylor Blau
2022-04-21 19:09 ` Taylor Blau
2022-04-21 21:01 ` Emily Shaffer
2022-04-21 21:22 ` Taylor Blau
2022-04-29 23:57 ` Glen Choo
2022-04-30 1:14 ` Taylor Blau
2022-05-02 19:39 ` Glen Choo
2022-05-02 14:05 ` Philip Oakley
2022-05-02 18:50 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YloTQH35r2xVdPm1@nand.local \
--to=me@ttaylorr.com \
--cc=chooglen@google.com \
--cc=emilyshaffer@google.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=justin@justinsteven.com \
--cc=martinvonz@google.com \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).