diff options
| author | singuliere <35190819+singuliere@users.noreply.github.com> | 2022-06-17 07:49:38 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-06-17 06:49:38 +0100 |
| commit | a036507204fabd1d7cff3577692bc7d8e4ef7395 (patch) | |
| tree | 8a23985b2ca4af06bc2e5d2ecaf8753cc8587ba4 /web_src/js/features | |
| parent | bdde56c95c338822f84857f9a0a20a73eb62ce6d (diff) | |
| download | gitea-a036507204fabd1d7cff3577692bc7d8e4ef7395.tar.gz gitea-a036507204fabd1d7cff3577692bc7d8e4ef7395.zip | |
gitconfig: set safe.directory = * (#19870)
Allow git push to work when networked file systems with mixed
ownership are used with Gitea docker images >= 1.16.6 or Gitea
binaries running alongside git versions published after 04/2022.
There are circumstances independent of Gitea (networked file systems
with various permission systems) by which the git repositories managed
by Gitea may have mixed owners. It is not a behavior that Gitea have
control over nor is it a problem as long as the permissions for Gitea to
operate are correct. Gitea instances have been operating under these
conditions for a number of years.
It is detected as a potential security risk ( see
GHSA-vw2c-22j4-2fh2
) by the most recent git versions. However, Gitea always runs git
commands with a current directory matching the repository on
which it operates. That makes Gitea immune from this security problem
and it is safe to ignore the mixed owner permission check.
This gitconfig modification is done on a file dedicated to the user
exclusively used by Gitea.
Fixes: #19455
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Diffstat (limited to 'web_src/js/features')
0 files changed, 0 insertions, 0 deletions