9front - general discussion about 9front
From: Anthony Martin <ality@pbrane.org>
To: 9front@9front.org
Subject: [9front] git/fetch problem in group writable repositories
Date: Thu, 15 Jul 2021 22:49:18 -0700
Message-ID: <YPEd3ts1rhNVCZb0@alice>

If you create a git repository in a directory that
is group writable, running git/fetch will leave
behind an empty .git/objects/pack/fetch.tmp file
with mode 0644 in a number of scenarios:

	- if passed the -l flag
	- if the local repository is up to date
	- if there is a fatal error in fetchpack

If another user in the same group subsequently
tries to run git/fetch, it will fail since the
temporary pack file was not removed and cannot
be overwritten.

The calls to create need to be at least 0660 for
files and 0770 for directories.  It may also make
sense to create the temporary files with OEXCL
instead of truncating them if they already exist
or to use a name that's less likely to be reused
as in serve.c:/^updatepack.

Another thing to think about is if we should
grab a lock of some kind before operations that
will modify a repository that is group writable.
Or just have a policy of "don't do that".

Thoughts?
  Anthony
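
The suggestions in the message above (group-writable mode, exclusive create, a less reusable name, cleanup on every early exit), as an added example that is not part of the original message and is not git9 code. It is a POSIX C analogue of Plan 9's create with OEXCL; the helper names opentmp and fetch, the pid-based file name and the fetch.pack target are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create the temporary pack file under a per-process
 * name. O_EXCL turns a stale or pre-planted file into an error instead of
 * truncating it; the pid keeps concurrent fetches from colliding. */
static int
opentmp(const char *dir, char *path, size_t n)
{
	int fd;

	snprintf(path, n, "%s/fetch.%ld.tmp", dir, (long)getpid());
	if((fd = open(path, O_WRONLY|O_CREAT|O_EXCL, 0660)) < 0)
		return -1;
	/* open() masks the mode with the umask, so set group write explicitly. */
	if(fchmod(fd, 0660) < 0){
		close(fd);
		unlink(path);
		return -1;
	}
	return fd;
}

/* Constructed stand-in for a fetch: n == 0 models "already up to date",
 * n < 0 a fatal error. Every path that does not install a pack removes
 * the temporary file. Returns 0 on success, -1 on error. */
static int
fetch(const char *dir, int n)
{
	char tmp[512], pack[512];
	int fd, ok;

	if((fd = opentmp(dir, tmp, sizeof tmp)) < 0)
		return -1;
	ok = n > 0 && write(fd, "PACK", 4) == 4;
	close(fd);
	snprintf(pack, sizeof pack, "%s/fetch.pack", dir);
	if(!ok || rename(tmp, pack) < 0){
		unlink(tmp);
		return n == 0 ? 0 : -1;
	}
	return 0;
}

/* Stand-alone run: the up-to-date path must leave nothing behind in ".". */
int main(void) { return fetch(".", 0) < 0; }
```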

Thread overview: 6+ messages
2021-07-16  5:49 Anthony Martin [this message]
2021-07-16 16:05 ` ori
2021-07-16 18:44   ` cinap_lenrek
2021-07-16 19:36     ` ori
2021-07-17  0:12       ` cinap_lenrek
2021-07-17  0:11     ` Anthony Martin
