Date:	Mon, 15 Sep 2008 19:12:40 +0200
From:	Jan Hudec <bulb@....cz>
To:	David Miller <davem@...emloft.net>
Cc:	gitster@...ox.com, peterz@...radead.org, git@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [ANNOUNCE] GIT 1.6.0-rc2

On Sat, Sep 13, 2008 at 01:33:30 -0700, David Miller wrote:
> As a followup this turned out to be the classic "PATH when doing GIT over
> SSH" problem.
> 
> I have to say this is very unfun to debug, and even less fun to "fix"
> even once you know this is the problem.  And what's more I know this is
> the second time I've had to spend a night debugging this very problem.
> 
> I ended up having to make a ~/.ssh/environment file and then restart my
> SSH server with "PermitUserEnvironment yes" added to sshd_config.
> 
> But I can't believe this is what I have to do just to pull from a machine
> where I have GIT only installed in my home directory.  What if I were just
> a normal user and couldn't change the SSHD config?  What hoops would I
> need to jump through to get my PATH setup correctly? :)
> 
> It doesn't even work to put ~/bin into the PATH listed in the system wide
> /etc/environment, because that does not do tilde expansion, SSHD just takes
> it as-is.
> 
> Wouldn't it make sense to put the bindir into PATH when we try to do
> execv_git_cmd()?  The code has already put the gitexecdir into the
> PATH at this point.

I don't think it gets to execv_git_cmd(). Git on local side will run
    ssh <host> git upload-pack
and it's ssh that can't find git in ~/bin (or maybe it's still using the
dashed form for backward compatibility; the argument stands either way).

There are two possible solutions (besides the .ssh/environment one):
 1. Without hacking git: Use a separate key pair for git access and configure
    that key on the server with 'command="/home/you/bin/git-shell"' option in
    .ssh/authorized_keys. Git shell should run the command from exec-dir
    properly.
 2. Hack git to support some variable to set the remote command for ssh
    protocol.

-- 
						 Jan 'Bulb' Hudec <bulb@....cz>
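
Option 1 above, worked out as an added example (not part of the original message and not git's own code): a forced-command wrapper for a git-only key that puts the home-directory bindir into PATH and hands the request to git-shell via -c "$SSH_ORIGINAL_COMMAND". The wrapper path /home/you/bin/git-ssh-wrapper, the GIT_BINDIR variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (constructed): forced-command wrapper for a git-only SSH key.
# Hypothetical path /home/you/bin/git-ssh-wrapper, set in ~/.ssh/authorized_keys:
#   command="/home/you/bin/git-ssh-wrapper",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <key>

# Directory holding the home-directory git install (assumption: ~/bin, as in the thread).
GIT_BINDIR="${GIT_BINDIR:-$HOME/bin}"

# Print the requested git service, or return 1 for anything that is not one.
# Accepts both the dashed form and the "git <service>" form the client may send.
git_service() {
    case "$1" in
        "git-upload-pack "*|"git upload-pack "*)       echo upload-pack ;;
        "git-receive-pack "*|"git receive-pack "*)     echo receive-pack ;;
        "git-upload-archive "*|"git upload-archive "*) echo upload-archive ;;
        *) return 1 ;;
    esac
}

# PATH with the private bindir first, so git-shell and its helpers resolve there.
wrapper_path() {
    printf '%s:%s\n' "$GIT_BINDIR" "${1:-/usr/bin:/bin}"
}

# Check the client's request, then hand it to git-shell, which parses the
# quoted repository argument itself and refuses anything else.
run_forced_command() {
    if ! git_service "$SSH_ORIGINAL_COMMAND" >/dev/null; then
        echo "rejected: only git transport commands are allowed" >&2
        return 1
    fi
    PATH=$(wrapper_path "$PATH"); export PATH
    exec "$GIT_BINDIR/git-shell" -c "$SSH_ORIGINAL_COMMAND"
}

# sshd sets SSH_ORIGINAL_COMMAND only when the client asked for a command;
# an interactive login attempt falls through and the session just ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    run_forced_command
fi
```

Because the command= option overrides whatever the client asks to run, the key can do nothing but git transport even if it leaks, and no sshd_config change is needed.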