author | Junio C Hamano <gitster@pobox.com> | 2022-07-22 15:04:01 -0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2022-07-22 15:04:02 -0700 |
commit | 18bbc795fc52dc543e279c213fd1bfe27afc6092 (patch) | |
tree | 64f5824d95f3b7aa055e7eb14c975333d4db8c21 /Documentation/config | |
parent | e72d93e88cb20b06e88e6e7d81bd1dc4effe453f (diff) | |
parent | 8d1a7448206e11cdea657c35b04cc49db39be933 (diff) | |
download | git-18bbc795fc52dc543e279c213fd1bfe27afc6092.tar.gz |
Merge branch 'gc/bare-repo-discovery'

Introduce a discovery.barerepository configuration variable that
allows users to forbid discovery of bare repositories.

* gc/bare-repo-discovery:
  setup.c: create `safe.bareRepository`
  safe.directory: use git_protected_config()
  config: learn `git_protected_config()`
  Documentation: define protected configuration
  Documentation/git-config.txt: add SCOPES section

Diffstat (limited to 'Documentation/config')
-rw-r--r-- | Documentation/config/safe.txt | 25 |
-rw-r--r-- | Documentation/config/uploadpack.txt | 6 |
2 files changed, 25 insertions, 6 deletions
diff --git a/Documentation/config/safe.txt b/Documentation/config/safe.txt index fa02f3ccc5..bde7f31459 100644 --- a/Documentation/config/safe.txt +++ b/Documentation/config/safe.txt @@ -1,3 +1,22 @@ +safe.bareRepository:: + Specifies which bare repositories Git will work with. The currently + supported values are: ++ +* `all`: Git works with all bare repositories. This is the default. +* `explicit`: Git only works with bare repositories specified via + the top-level `--git-dir` command-line option, or the `GIT_DIR` + environment variable (see linkgit:git[1]). ++ +If you do not use bare repositories in your workflow, then it may be +beneficial to set `safe.bareRepository` to `explicit` in your global +config. This will protect you from attacks that involve cloning a +repository that contains a bare repository and running a Git command +within that directory. ++ +This config setting is only respected in protected configuration (see +<<SCOPES>>). This prevents the untrusted repository from tampering with +this value. + safe.directory:: These config entries specify Git-tracked directories that are considered safe even if they are owned by someone other than the @@ -12,9 +31,9 @@ via `git config --add`. To reset the list of safe directories (e.g. to override any such directories specified in the system config), add a `safe.directory` entry with an empty value. + -This config setting is only respected when specified in a system or global -config, not when it is specified in a repository config, via the command -line option `-c safe.directory=<path>`, or in environment variables. +This config setting is only respected in protected configuration (see +<<SCOPES>>). This prevents the untrusted repository from tampering with this +value. + The value of this setting is interpolated, i.e. `~/<path>` expands to a path relative to the home directory and `%(prefix)/<path>` expands to a 
diff --git a/Documentation/config/uploadpack.txt b/Documentation/config/uploadpack.txt index 32fad5bbe8..16264d82a7 100644 --- a/Documentation/config/uploadpack.txt +++ b/Documentation/config/uploadpack.txt @@ -49,9 +49,9 @@ uploadpack.packObjectsHook:: `pack-objects` to the hook, and expects a completed packfile on stdout. + -Note that this configuration variable is ignored if it is seen in the -repository-level config (this is a safety measure against fetching from -untrusted repositories). +Note that this configuration variable is only respected when it is specified +in protected configuration (see <<SCOPES>>). This is a safety measure +against fetching from untrusted repositories. uploadpack.allowFilter:: If this option is set, `upload-pack` will support partial |
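Review bot: In the first safe.txt hunk (@@ -1,3 +1,22 @@), the `explicit` bullet says Git "only works with" bare repositories named via `--git-dir` or `GIT_DIR`, but it does not say what a command does when it is run inside a bare repository that was only found by discovery: whether it fails with an error or keeps searching parent directories. That is the behaviour a user who sets this value will hit first, so it should be stated in the bullet. The "protect you from attacks" paragraph would also benefit from one sentence on what the attack gains from a bare repository embedded in a clone, since the text as written names the scenario but not the consequence.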
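Review bot: In the second safe.txt hunk (@@ -12,9 +31,9 @@), the removed lines stated explicitly that `safe.directory` is not respected in repository config, via `-c safe.directory=<path>`, or in environment variables, while the replacement only points to <<SCOPES>>. From this hunk alone a reader can no longer tell whether the command-line and environment forms are honoured. If the set of honoured scopes is unchanged, keep a short parenthetical listing them here; if it has changed, that is a behaviour change for a security setting and should be called out in the text and in the commit message rather than folded into a rewording.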
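Review bot: In the uploadpack.txt hunk (@@ -49,9 +49,9 @@), the new sentence "is only respected when it is specified in protected configuration" is worded differently from the two safe.txt paragraphs in this same patch ("This config setting is only respected in protected configuration"), so using one form in all three places would make the restriction easier to search for. The <<SCOPES>> cross-reference also relies on an anchor that is not defined in any file shown in this diff (limited to Documentation/config), so please confirm that every manual page that includes safe.txt or uploadpack.txt also defines that anchor, otherwise the reference will dangle there.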