From 0d9642de891334804078f0a0627298a71c3c66c2 Mon Sep 17 00:00:00 2001 
From: "Kyle J. McKay"
Date: Sat, 28 May 2022 00:36:52 -0700
Subject: [PATCH] jailsetup.sh: ensure safe.directory=* when running git

With this announcement:

  https://lore.kernel.org/git/xmqqv8veb5i6.fsf@gitster.g/
  "[ANNOUNCE] Git v2.35.2 and below for CVE-2022-24765"
  Date: Tue, 12 Apr 2022 10:01:21 -0700

Git versions 2.30.3, 2.31.2, 2.32.1, 2.33.2, 2.34.2 and 2.35.2 were released on 2022-04-12 and immediately broke uses of the per-project config setting "core.sharedrepository" when set to a non-false value.

Girocco cannot function without "core.sharedrepository" set to a non-false value.

The following day with this announcement:

  https://lore.kernel.org/git/xmqq1qy04iqa.fsf@gitster.g/
  "[ANNOUNCE] Git v2.35.3 and below as a usability fix"
  Date: Wed, 13 Apr 2022 17:22:05 -0700

Git versions 2.30.4, 2.31.3, 2.32.2, 2.33.3, 2.34.3 and 2.35.3 were released on 2022-04-13 providing a means to "opt-out" of the breakage that effectively disabled use of "core.sharedrepository" set to a non-false value. Later versions of Git (including the since-released version 2.36.0) also contain this "opt-out" mechanism.

When Girocco runs git, it arranges for git to always use a custom "global" git config file to ensure Girocco always runs with a consistent Git environment (and Girocco also always disables use of any system-wide git configuration as well for the same reason).

Add the necessary configuration item to "opt-out" of the "core.sharedrepository" breakage when running an affected Git version. This is harmless for older versions of Git (they simply ignore the setting since they do not know about it) which do not require the "opt-out" in the first place.

For versions released on or after 2022-04-13, this resolves the issue for Girocco. Unfortunately, those versions initially released on 2022-04-12 remain completely incompatible with Girocco.
In addition, because the 2022-04-12 release was for a CVE (CVE-2022-24765), many distributions of Git that appear to be older, unaffected versions backported the CVE fix changes, thus making them also completely incompatible with Girocco despite them appearing to be an older, unaffected version of Git.

Fortunately, it appears that those distributions which initially backported the CVE fix into older versions of Git have also now backported the subsequent fix released on 2022-04-13 to fix the fix for the CVE. For this reason, there's no attempt added to detect the problematic versions of Git at this time.

For reasons stated above, simply checking the Git version number provides inadequate checking in the face of the backporting that took place for the CVE fix. Checking for the issue without testing the Git version number remains problematic as it requires the ability to change the owner of a file in order to truly check for the incompatibility, and that generally requires super-user privileges which Girocco only currently requires when installing a chroot jail for ssh fetch/push access.

The affected Git versions that are completely incompatible with Girocco are expected to not be in use since they were immediately superseded one day after their release (and the distributions that performed a backport of the CVE fix have backported the fix for the CVE fix).
---
 jailsetup.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/jailsetup.sh b/jailsetup.sh index 5186507..e80f2f0 100755 --- a/jailsetup.sh +++ b/jailsetup.sh @@ -192,6 +192,7 @@ else fi update_config_item core.pager "cat" 1 update_config_item core.compression 5 +update_config_item safe.directory "*" 1 update_config_item diff.renameLimit 250 update_config_item transfer.unpackLimit 1 1 update_config_item http.lowSpeedLimit 1 -- 2.11.4.GIT
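Review bot: The added line `update_config_item safe.directory "*" 1` disables the repository-ownership check that the CVE-2022-24765 releases introduced for every path, not just the repositories Girocco manages, and nothing in jailsetup.sh records why that wildcard is acceptable; the justification lives only in the commit message (the setting goes into Girocco's own "global" config file, which is used exclusively when Girocco runs git, with system-wide config disabled). Please add a short comment above the new line citing CVE-2022-24765 and the 2022-04-13 "usability fix" announcement so a future cleanup does not drop it, and state that the wildcard is safe only because this config file is never consulted by git outside Girocco. Also confirm the trailing `1` argument is intended here: neighbouring entries such as `update_config_item core.compression 5` omit it while `update_config_item core.pager "cat" 1` uses it, and the hunk gives no hint which behaviour the flag selects for safe.directory.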