On Sun, 2018-02-11 at 22:04 +0800, Paul Wise wrote: > I think I will check the git version and apply the manual > whitelisting only for versions of git older than 2.12.
Attached my proposed patch for the git issue. -- bye, pabs https://wiki.debian.org/PaulWise
From 014f4dae7859e9121b3bd96dd7fd7a7d4a62ac6a Mon Sep 17 00:00:00 2001 From: Paul Wise <[email protected]> Date: Sun, 11 Feb 2018 21:57:49 +0800 Subject: [PATCH] Mitigate vulnerabilities caused by some git remotes being able to execute code Set GIT_PROTOCOL_FROM_USER=0 with git versions newer than 2.12. Manually whitelist known-safe protocols (http, https, git, ssh, file) when using git versions older than 2.12. --- webcheckout | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/webcheckout b/webcheckout index c817605..1b59c75 100755 --- a/webcheckout +++ b/webcheckout @@ -71,6 +71,16 @@ use Getopt::Long; use warnings; use strict; +# Mitigate some git remote types being dangerous +my $git_unsafe = 1; +my $git_version = `git --version`; +$git_version =~ s/^git version //; +my ($major, $minor, undef) = split(/\./, $git_version); +if (int($major) >= 2 && int($minor) >= 12) { + $ENV{GIT_PROTOCOL_FROM_USER} = 0; + $git_unsafe = 0; +} + # What to download. my $url; @@ -89,7 +99,16 @@ my $destdir; # how to perform checkouts my %handlers=( - git => sub { doit(qw(git clone --), shift, $destdir) }, + git => sub { + my $git_url = shift; + # Reject unsafe URLs with older versions of git + # that do not already check the URL safety. + if ($git_unsafe && $git_url !~ /^(?:https?|git|ssh|file):[^:]/) { + print STDERR "potentially unsafe git URL, may execute arbitrary code\n"; + return 1; + } + doit(qw(git clone --), $git_url, $destdir) + }, svn => sub { doit(qw(svn checkout --), shift, $destdir) }, bzr => sub { doit(qw(bzr branch --), shift, $destdir) }, ); -- 2.15.1
signature.asc
Description: This is a digitally signed message part

