On 2024-07-22 at 23:03:56, Simon McVittie wrote: > The log says: > > ----8<---- > 2024-07-22_22:40:20.65793 [11037] Connection from [::1]:40270 > 2024-07-22_22:40:20.65795 [11037] Extended attribute "host": localhost > 2024-07-22_22:40:20.65795 [11037] Extended attribute "protocol": version=2 > 2024-07-22_22:40:20.65795 [11037] Request upload-pack for > '/git/user/hello.git' > 2024-07-22_22:40:20.65800 fatal: detected dubious ownership in repository at > '/var/lib/git/user/hello.git' > 2024-07-22_22:40:20.65800 To add an exception for this directory, call: > 2024-07-22_22:40:20.65800 > 2024-07-22_22:40:20.65801 git config --global --add safe.directory > /var/lib/git/user/hello.git > 2024-07-22_22:40:20.65816 [11003] [11037] Disconnected (with error) > ---->8---- > > Is this intentional? > > My understanding had been that git-daemon(1) is one of the recommended > ways to provide safe read-only access to a git repo belonging to another > user, in a way that is not susceptible to attacks on the local cloning > protocol such as CVE-2024-32020 - so I would have expected that it > would not have required the "safe.directory" configuration parameter? > https://git-scm.com/docs/git says "The safest thing is to serve the > repository as an unprivileged user (either via git-daemon[1], ...)" > which I had interpreted as meaning that git-daemon ought to be a suitable > tool for this job.
I believe this is fixed as of 2.48.0, which is in experimental, if what you're doing is cloning or fetching[0], regardless of the protocol. The docs were incorrect and the changes that broke it were too aggressive, so I submitted a patch to fix that, which was included in that version. Could you test and verify that it's fixed in your case? If not, I can look into it further and try to send another patch, but I admit that I don't really use git-daemon since I prefer an encrypted connection using HTTPS or SSH, so I might have missed it. [0] Note that when cloning locally, `--no-local` is required. Otherwise, Git attempts to use hardlinks, which obviously would have some undesirable security properties across users. -- brian m. carlson (they/them or he/him) Toronto, Ontario, CA
signature.asc
Description: PGP signature
