Fix shell command injection issues
[git/debian.git] / debian / patches / shell-drop-git-cvsserver-support-by-default.diff
1 From 95110704086cf8c226bdd04aeab9bf13da8331e8 Mon Sep 17 00:00:00 2001
2 From: Jeff King <peff@peff.net>
3 Date: Mon, 11 Sep 2017 11:27:51 -0400
4 Subject: shell: drop git-cvsserver support by default
6 The git-cvsserver script is old and largely unmaintained
7 these days. But git-shell allows untrusted users to run it
8 out of the box, significantly increasing its attack surface.
10 Let's drop it from git-shell's list of internal handlers so
11 that it cannot be run by default. This is not backwards
12 compatible. But given the age and development activity on
13 CVS-related parts of Git, this is likely to impact very few
14 users, while helping many more (i.e., anybody who runs
15 git-shell and had no intention of supporting CVS).
17 There's no configuration mechanism in git-shell for us to
18 add a boolean and flip it to "off". But there is a mechanism
19 for adding custom commands, and adding CVS support here is
20 fairly trivial. Let's document it to give guidance to
21 anybody who really is still running cvsserver.
23 Signed-off-by: Jeff King <peff@peff.net>
24 Signed-off-by: Junio C Hamano <gitster@pobox.com>
25 ---
26 Documentation/git-shell.txt | 16 ++++++++++++++
27 shell.c | 14 ------------
28 t/t9400-git-cvsserver-server.sh | 48 +++++++++++++++++++++++++++++++++++++++++
29 3 files changed, 64 insertions(+), 14 deletions(-)
31 diff --git a/Documentation/git-shell.txt b/Documentation/git-shell.txt
32 index 2e30a3e42d..54cf2560be 100644
33 --- a/Documentation/git-shell.txt
34 +++ b/Documentation/git-shell.txt
35 @@ -79,6 +79,22 @@ EOF
36 $ chmod +x $HOME/git-shell-commands/no-interactive-login
37 ----------------
39 +To enable git-cvsserver access (which should generally have the
40 +`no-interactive-login` example above as a prerequisite, as creating
41 +the git-shell-commands directory allows interactive logins):
43 +----------------
44 +$ cat >$HOME/git-shell-commands/cvs <<\EOF
45 +if ! test $# = 1 && test "$1" = "server"
46 +then
47 + echo >&2 "git-cvsserver only handles \"server\""
48 + exit 1
49 +fi
50 +exec git cvsserver server
51 +EOF
52 +$ chmod +x $HOME/git-shell-commands/cvs
53 +----------------
55 SEE ALSO
56 --------
57 ssh(1),
58 diff --git a/shell.c b/shell.c
59 index fe2d314593..234b2d4f16 100644
60 --- a/shell.c
61 +++ b/shell.c
62 @@ -25,19 +25,6 @@ static int do_generic_cmd(const char *me, char *arg)
63 return execv_git_cmd(my_argv);
66 -static int do_cvs_cmd(const char *me, char *arg)
68 - const char *cvsserver_argv[3] = {
69 - "cvsserver", "server", NULL
70 - };
72 - if (!arg || strcmp(arg, "server"))
73 - die("git-cvsserver only handles server: %s", arg);
75 - setup_path();
76 - return execv_git_cmd(cvsserver_argv);
79 static int is_valid_cmd_name(const char *cmd)
81 /* Test command contains no . or / characters */
82 @@ -134,7 +121,6 @@ static struct commands {
83 { "git-receive-pack", do_generic_cmd },
84 { "git-upload-pack", do_generic_cmd },
85 { "git-upload-archive", do_generic_cmd },
86 - { "cvs", do_cvs_cmd },
87 { NULL },
90 diff --git a/t/t9400-git-cvsserver-server.sh b/t/t9400-git-cvsserver-server.sh
91 index 432c61d246..c30660d606 100755
92 --- a/t/t9400-git-cvsserver-server.sh
93 +++ b/t/t9400-git-cvsserver-server.sh
94 @@ -588,4 +588,52 @@ test_expect_success 'cvs annotate' '
95 test_cmp ../expect ../actual
98 +#------------
99 +# running via git-shell
100 +#------------
102 +cd "$WORKDIR"
104 +test_expect_success 'create remote-cvs helper' '
105 + write_script remote-cvs <<-\EOF
106 + exec git shell -c "cvs server"
107 + EOF
110 +test_expect_success 'cvs server does not run with vanilla git-shell' '
112 + cd cvswork &&
113 + CVS_SERVER=$WORKDIR/remote-cvs &&
114 + export CVS_SERVER &&
115 + test_must_fail cvs log merge
119 +test_expect_success 'configure git shell to run cvs server' '
120 + mkdir "$HOME"/git-shell-commands &&
122 + write_script "$HOME"/git-shell-commands/cvs <<-\EOF &&
123 + if ! test $# = 1 && test "$1" = "server"
124 + then
125 + echo >&2 "git-cvsserver only handles \"server\""
126 + exit 1
127 + fi
128 + exec git cvsserver server
129 + EOF
131 + # Should not be used, but part of the recommended setup
132 + write_script "$HOME"/git-shell-commands/no-interactive-login <<-\EOF
133 + echo Interactive login forbidden
134 + EOF
137 +test_expect_success 'cvs server can run with recommended config' '
139 + cd cvswork &&
140 + CVS_SERVER=$WORKDIR/remote-cvs &&
141 + export CVS_SERVER &&
142 + cvs log merge
146 test_done
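Review bot: The guard in the `git-shell-commands/cvs` helper written by the 'configure git shell to run cvs server' test, `if ! test $# = 1 && test "$1" = "server"`, does not implement the check its error message describes, because in sh the `!` negates only the first `test`. The condition therefore reads "argument count is not 1 and the first argument is server", so a single argument other than `server` is not rejected and falls through to `exec git cvsserver server`. The hard-coded argv on the exec line keeps caller-supplied arguments from being passed on, but this wrapper is the only gate left in front of cvsserver for git-shell users, so it should fail closed: `if test $# != 1 || test "$1" != "server"`. The same snippet is added to Documentation/git-shell.txt in this patch and should get the same fix, since that is the copy administrators will paste. The tests only exercise `cvs server`, so a case that passes a different argument through `git shell -c` and expects failure would pin the intended behaviour.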
148 2.14.1.821.g8fa685d3b7