| commit | 732055439b68a3622b5c3337e7327f49c156d40d | |
| author | Kyle J. McKay <mackyle@gmail.com> | |
| Mon, 25 Dec 2017 05:53:43 +0000 (24 21:53 -0800) | ||
| committer | Kyle J. McKay <mackyle@gmail.com> | |
| Mon, 25 Dec 2017 05:53:43 +0000 (24 21:53 -0800) | ||
| tree | aa01a8678fc00a9aca314c8a9dcdb2294d9b5301 | treesnapshot (tar.gz zip) |
| parent | 0e0526df19961876fba04b01ec4d8352e41bd9bf | commitdiff |
config: do not accept push options
Starting with Git v2.10.0, it's possible to pass arbitrary values
from the remote client to the server at push time using a new
"--push-option" command line option.
Girocco does not use these and accepting them only to ignore them
serves only to increase the possible malicious actor attack surface.
Therefore disable them in the global $chroot/etc/girocco/.gitconfig
file to prevent them from being sent.
According to the "git help config":
> By default, git-receive-pack will advertise the push options
> capability to its clients.
However, it appears that the implementation actually defaults to
not advertising the option unless the config item is explicitly set
to a true value. That makes more sense since the server must have
custom support to do anything with them.
Nevertheless, explicitly setting the config option to false protects
against any future change to make the code match the description
rather than the other way around.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
Starting with Git v2.10.0, it's possible to pass arbitrary values
from the remote client to the server at push time using a new
"--push-option" command line option.
Girocco does not use these and accepting them only to ignore them
serves only to increase the possible malicious actor attack surface.
Therefore disable them in the global $chroot/etc/girocco/.gitconfig
file to prevent them from being sent.
According to the "git help config":
> By default, git-receive-pack will advertise the push options
> capability to its clients.
However, it appears that the implementation actually defaults to
not advertising the option unless the config item is explicitly set
to a true value. That makes more sense since the server must have
custom support to do anything with them.
Nevertheless, explicitly setting the config option to false protects
against any future change to make the code match the description
rather than the other way around.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
| jailsetup.sh | diffblobblamehistory |