Re: Shared repositories no longer securable against privilege escalation

2017-03-17 Thread Joe Rayhawk
Quoting Michael Haggerty (2017-03-17 05:07:36)
> On 03/17/2017 01:23 AM, Joe Rayhawk wrote:
> > Git has started requiring write access to the root of bare repositories
> > in order to create /HEAD.lock. This is a major security problem in
> > shared environments as it also

Re: Shared repositories no longer securable against privilege escalation

2017-03-17 Thread Joe Rayhawk
Quoting Junio C Hamano (2017-03-17 08:26:39)
> Michael Haggerty writes:
> I _think_ the real bug is that somehow a user got a wrong impression
> that directly underneath $GIT_DIR/ is somehow different from its
> subdirectory and it is OK to make the directory unwritable. I

Shared repositories no longer securable against privilege escalation

2017-03-16 Thread Joe Rayhawk
Git has started requiring write access to the root of bare repositories in order to create /HEAD.lock. This is a major security problem in shared environments as it also entails control over the /config link i.e. core.hooksPath. Permission to write objects and update refs should be entirely