Paperback
commented
9 years ago For me, the git user cannot write outside their home directory so this fails with permission denied. I know it's best practise not to just hope for sane permissions particularly when dealing with security, but is there a sane use case where someone wants relative paths when pushing, for instance pushing configuration files into etc?
Instead of removing / from the repo name, perhaps it's better to just disallow relative paths by removing ..
Also that perl call has been replaced by sed.
This is a security-related bug
Problem & POC
The name of the repos can contain sequences such as
../, which allows the repositories to be stored outside the$GITHOMEdirectory.For example, the command
git clone git@example.com:../../tmp/foocreates the repo in the directory/tmp/foo(with default configuration).Also, one could create a repo named
foo, then someone else a repo namedfoo/bar, which will completely hides the existence of the second repo. Also, replacebarforrefsand you have an other error.Solution
The solution is to filter the allowed repository name and/or to escape them.
The following code is to be changed:
However, I don't have the perl knowledge to be sure to understand the code already, so I leave the fix to others.
Here is my suggestion:
/in the repo name. Exit right away with an error message if there is.ls $GITHOMEwill show all repos.Edit: Not allowing
/in the repo name may be asking for too much (e.g. can not useuser/somethingas repo names a la GitHub). Alternatively, we could replace/for some character (-?_? a space?), but this may lead to conflicts (e.g.user/somethinganduser-somethingwould be the same repo).I will happily review commits aiming at fixing this flaw, provided they don't use any perl (as I don't have any knowledge in the area).