source.dussan.org Git - gitea.git/commit

author	singuliere <35190819+singuliere@users.noreply.github.com>
	Fri, 17 Jun 2022 05:49:38 +0000 (07:49 +0200)
committer	GitHub <noreply@github.com>
	Fri, 17 Jun 2022 05:49:38 +0000 (06:49 +0100)
commit	a036507204fabd1d7cff3577692bc7d8e4ef7395
tree	8a23985b2ca4af06bc2e5d2ecaf8753cc8587ba4	tree \| snapshot
parent	bdde56c95c338822f84857f9a0a20a73eb62ce6d	commit \| diff

gitconfig: set safe.directory = * (#19870)

Allow git push to work when networked file systems with mixed
ownership are used with Gitea docker images >= 1.16.6 or Gitea
binaries running alongside git versions published after 04/2022.

There are circumstances independent of Gitea (networked file systems
with various permission systems) by which the git repositories managed
by Gitea may have mixed owners. It is not a behavior that Gitea have
control over nor is it a problem as long as the permissions for Gitea to
operate are correct. Gitea instances have been operating under these
conditions for a number of years.

It is detected as a potential security risk ( see
GHSA-vw2c-22j4-2fh2
) by the most recent git versions. However, Gitea always runs git
commands with a current directory matching the repository on
which it operates. That makes Gitea immune from this security problem
and it is safe to ignore the mixed owner permission check.

This gitconfig modification is done on a file dedicated to the user
exclusively used by Gitea.

Fixes: #19455
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>