gitconfig: set safe.directory = * (#19870)

Allow git push to work when networked file systems with mixed
ownership are used with Gitea docker images >= 1.16.6 or Gitea
binaries running alongside git versions published after 04/2022.

There are circumstances independent of Gitea (networked file systems
with various permission systems) by which the git repositories managed
by Gitea may have mixed owners. It is not a behavior that Gitea have
control over nor is it a problem as long as the permissions for Gitea to
operate are correct. Gitea instances have been operating under these
conditions for a number of years.

It is detected as a potential security risk ( see
GHSA-vw2c-22j4-2fh2
) by the most recent git versions. However, Gitea always runs git
commands with a current directory matching the repository on
which it operates. That makes Gitea immune from this security problem
and it is safe to ignore the mixed owner permission check.

This gitconfig modification is done on a file dedicated to the user
exclusively used by Gitea.

Fixes: #19455
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>

diff --git a/modules/git/git.go b/modules/git/git.go
index d789a576ba13ebbcd16c099a9cc0e3bcaf603a10..e59eeddc6605e01046053eb61106c5770650be26 100644 (file)
--- a/modules/git/git.go
+++ b/modules/git/git.go
@@ -251,6 +251,19 @@ func syncGitConfig() (err error) {
                }
        }
 
+       // Due to CVE-2022-24765, git now denies access to git directories which are not owned by current user
+       // however, some docker users and samba users find it difficult to configure their systems so that Gitea's git repositories are owned by the Gitea user. (Possibly Windows Service users - but ownership in this case should really be set correctly on the filesystem.)
+       // see issue: https://github.com/go-gitea/gitea/issues/19455
+       // Fundamentally the problem lies with the uid-gid-mapping mechanism for filesystems in docker on windows (and to a lesser extent samba).
+       // Docker's configuration mechanism for local filesystems provides no way of setting this mapping and although there is a mechanism for setting this uid through using cifs mounting it is complicated and essentially undocumented
+       // Thus the owner uid/gid for files on these filesystems will be marked as root.
+       // As Gitea now always use its internal git config file, and access to the git repositories is managed through Gitea,
+       // it is now safe to set "safe.directory=*" for internal usage only.
+       // Please note: the wildcard "*" is only supported by Git 2.30.4/2.31.3/2.32.2/2.33.3/2.34.3/2.35.3/2.36 and later
+       // Although only supported by Git 2.30.4/2.31.3/2.32.2/2.33.3/2.34.3/2.35.3/2.36 and later - this setting is tolerated by earlier versions
+       if err := configAddNonExist("safe.directory", "*"); err != nil {
+               return err
+       }
        if runtime.GOOS == "windows" {
                if err := configSet("core.longpaths", "true"); err != nil {
                        return err