search

kartik-v / yii2-grid

Enhanced GridView with various utilities for Yii Framework 2.0
http://demos.krajee.com/grid
Other
557 stars 302 forks source link

Unsafe repository git warning #1029

Closed mhunesi closed 2 years ago

mhunesi commented 2 years ago

image

kartik-v commented 2 years ago

This started appearing with the release of the Git 2.35.2 security update which fixes vulnerabilities described here.

Here are four possible solutions:

Option 1: trust the Git directory (do it if you know the directory contents are safe)

git config --global --add safe.directory /user/www/app/vendor/kartik-v

This adds the safe group to file ~/.gitconfig as shown in this example:

[safe]
    directory = /user/www/app/vendor/kartik-v

Option 2: run the command as the correct user, for example:

sudo -u ubuntu -- git status

Note: This requires user www-data to have permission to execute the Git command as user ubuntu (assuming ubuntu is the repository owner). For this to work, you will need to add a new file inside /etc/sudoers.d/ with the following contents:

www-data ALL=(ubuntu) NOPASSWD: /usr/bin/git

This may have security implications, so refer to your security person first.

Option 3: change the Git repository owner to www-data

sudo chown -R www-data:www-data /user/www/app/vendor/kartik-v

Option 4: downgrade Git as a temporary solution. For example, in Ubuntu:

apt install git-man=1:2.17.0-1ubuntu1 git=1:2.17.0-1ubuntu1

Note: At least on Windows, it appears that all Git repositories on ejectable drives are considered unsafe and changing the ownership does not seem to work.