authorJunio C Hamano <gitster@pobox.com>2022-05-26 14:51:32 -0700
committerJunio C Hamano <gitster@pobox.com>2022-05-26 14:51:32 -0700
commit2088a0c0cd61ab6c98064e68619e1d931a4619e2 (patch)
tree019467eb47821e6e132453f42f51424fc77b7c4d /git-compat-util.h
parent7ec4a9e74f6a5a54b2b82578496d1225be6e76f4 (diff)
parentb9063afda17a2aa6310423c9f7b776c41f753091 (diff)
downloadgit-2088a0c0cd61ab6c98064e68619e1d931a4619e2.tar.gz
Merge branch 'cb/path-owner-check-with-sudo'
With a recent update to refuse access to repositories of other people by default, "sudo make install" and "sudo git describe" stopped working. This series intends to loosen it while keeping the safety. * cb/path-owner-check-with-sudo: t0034: add negative tests and allow git init to mostly work under sudo git-compat-util: avoid failing dir ownership checks if running privileged t: regression git needs safe.directory when using sudo
Diffstat (limited to 'git-compat-util.h')
-rw-r--r--git-compat-util.h53
1 files changed, 52 insertions, 1 deletions
diff --git a/git-compat-util.h b/git-compat-util.h
index 58fd813bd0..96293b6c43 100644
--- a/git-compat-util.h
+++ b/git-compat-util.h
@@ -437,12 +437,63 @@ static inline int git_offset_1st_component(const char *path)
#endif
#ifndef is_path_owned_by_current_user
+
+#ifdef __TANDEM
+#define ROOT_UID 65535
+#else
+#define ROOT_UID 0
+#endif
+
+/*
+ * Do not use this function when
+ * (1) geteuid() did not say we are running as 'root', or
+ * (2) using this function will compromise the system.
+ *
+ * PORTABILITY WARNING:
+ * This code assumes uid_t is unsigned because that is what sudo does.
+ * If your uid_t type is signed and all your ids are positive then it
+ * should all work fine.
+ * If your version of sudo uses negative values for uid_t or it is
+ * buggy and return an overflowed value in SUDO_UID, then git might
+ * fail to grant access to your repository properly or even mistakenly
+ * grant access to someone else.
+ * In the unlikely scenario this happened to you, and that is how you
+ * got to this message, we would like to know about it; so sent us an
+ * email to git@vger.kernel.org indicating which platform you are
+ * using and which version of sudo, so we can improve this logic and
+ * maybe provide you with a patch that would prevent this issue again
+ * in the future.
+ */
+static inline void extract_id_from_env(const char *env, uid_t *id)
+{
+ const char *real_uid = getenv(env);
+
+ /* discard anything empty to avoid a more complex check below */
+ if (real_uid && *real_uid) {
+ char *endptr = NULL;
+ unsigned long env_id;
+
+ errno = 0;
+ /* silent overflow errors could trigger a bug here */
+ env_id = strtoul(real_uid, &endptr, 10);
+ if (!*endptr && !errno)
+ *id = env_id;
+ }
+}
+
static inline int is_path_owned_by_current_uid(const char *path)
{
struct stat st;
+ uid_t euid;
+
if (lstat(path, &st))
return 0;
- return st.st_uid == geteuid();
+
+ euid = geteuid();
+ if (euid == ROOT_UID)
+ extract_id_from_env("SUDO_UID", &euid);
+
+ return st.st_uid == euid;
}
#define is_path_owned_by_current_user is_path_owned_by_current_uid
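Review bot: In `extract_id_from_env()`, the assignment `*id = env_id;` narrows an `unsigned long` into `uid_t` with no range check, so where `uid_t` is narrower than `unsigned long` an out-of-range SUDO_UID is silently truncated and `is_path_owned_by_current_uid()` compares `st.st_uid` against a different uid than the one named in the environment. `strtoul()` also accepts leading whitespace and a sign, so a value such as `-1` parses without setting `errno` and wraps to a large id. The in-code comment acknowledges the overflow risk but leaves it unguarded. I would tighten the acceptance test to something like `if (!*endptr && !errno && env_id == (uid_t)env_id)` and also require the first character to be a decimal digit, so that anything malformed leaves `euid` at the value from `geteuid()`. This relies on `uid_t` being unsigned, as the header comment already assumes.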