9front - general discussion about 9front
* [9front] git/fetch problem in group writable repositories
@ 2021-07-16  5:49 Anthony Martin
  2021-07-16 16:05 ` ori
  0 siblings, 1 reply; 6+ messages in thread
From: Anthony Martin @ 2021-07-16  5:49 UTC (permalink / raw)
  To: 9front

If you create a git repository in a directory that
is group writable, running git/fetch will leave
behind an empty .git/objects/pack/fetch.tmp file
with mode 0644 in a number of scenarios:

	- if passed the -l flag
	- if the local repository is up to date
	- if there is a fatal error in fetchpack

If another user in the same group subsequently
tries to run git/fetch, it will fail since the
temporary pack file was not removed and cannot
be overwritten.

The calls to create need to be at least 0660 for
files and 0770 for directories.  It may also make
sense to create the temporary files with OEXCL
instead of truncating them if they already exist
or to use a name that's less likely to be reused
as in serve.c:/^updatepack.

Another thing to think about is if we should
grab a lock of some kind before operations that
will modify a repository that is group writable.
Or just have a policy of "don't do that".

Thoughts?
  Anthony
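
The changes proposed in the message above (a group-writable create mode, exclusive creation instead of truncation, a name less likely to be reused, and no temporary left behind on early exits), sketched as an added example. This is not code from the original message or from 9front's git: it is a POSIX C analog in which O_EXCL stands in for Plan 9's OEXCL, and the fetch.<pid>.tmp name, the /tmp directory and all function names are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

char tmppath[4096];	/* most recent temporary; example-only global */

/* Exclusively create <dir>/fetch.<pid>.tmp with group read/write.
 * The per-process name is an assumption made for this example. */
int create_tmp_pack(const char *dir)
{
	int fd;

	snprintf(tmppath, sizeof tmppath, "%s/fetch.%ld.tmp", dir, (long)getpid());
	fd = open(tmppath, O_WRONLY|O_CREAT|O_EXCL, 0660);	/* fail on a leftover, never truncate it */
	if(fd >= 0 && fchmod(fd, 0660) < 0){	/* restore group write if the umask cleared it */
		close(fd);
		unlink(tmppath);
		return -1;
	}
	return fd;
}

/* Permission bits of path, or -1 if it does not exist. */
int file_mode(const char *path)
{
	struct stat st;
	return stat(path, &st) < 0 ? -1 : (int)(st.st_mode & 0777);
}

/* Stand-in for a fetch. outcome 0 means a pack arrived; nonzero stands for the
 * early exits listed in the message (list only, up to date, fatal error). */
int fetch_sim(const char *dir, int outcome)
{
	int fd = create_tmp_pack(dir);
	if(fd < 0)
		return -1;
	close(fd);
	unlink(tmppath);	/* a real fetch would rename into place on success */
	return outcome;
}

int main(void)
{
	int left = fetch_sim("/tmp", 1) != 1 || file_mode(tmppath) != -1;
	printf("temporary left behind after early exit: %s\n", left ? "yes" : "no");
	return 0;
}
```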
