(GH-535) Fix for safe directories #549
Merge of #548 needed followed by rebase before work on this can continue.
Prior to this commit, users running newer versions of Git and setting the `owner` parameter on a resource would encounter an error during Puppet runs. This commit fixes the issue by allowing users to add the path of the resources to Git's global `safe.directory` configuration. This can be achieved by specifying `safe_directory => true` on a resource.
This commit adds a section to the README that briefly describes the CVE and our mitigation to errors caused by its remediation in later Git versions.
@chelnak Thanks for working on that! How can I get this patch? Will this be added into a future version?
Hello hello! I wanted to let it rest in main for a few days just to see if anything popped up. I'll cut a release today 👍
@mfuhrmann v5.1.0 is up on the forge now 😄
After git was patched for CVE-2022-24765 the git binary would fail to execute in a repository that was owned by another user or group.
As of git 2.35.2, you can specify the `safe.directory` configuration or for prior versions define the `GIT_CEILING_DIRECTORIES` environment variable to whitelist known directories.
For users of VCSRepo running newer versions of git, there was no obvious way to apply the remediation.
This PR will close #535 by adding a `safe_directory` property to the type, allowing users to explicitly mark a path as 'safe'.
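What listing a path in Git's global `safe.directory` looks like at the command line, as an added example that is not code from this PR or from the module's provider: because `git config --add` appends a new value on every call, a configuration-management run that repeats needs a presence check first. The function names and the `/opt/example/repo` path are hypothetical and constructed for the illustration.

```shell
#!/bin/sh
# Added illustration (not the vcsrepo provider's code): keep exactly one
# global safe.directory entry per path, however often the run repeats.
# Function names are hypothetical.

# Succeeds only if the exact path is already listed in safe.directory.
is_safe_directory() {
    # --get-all exits non-zero when the key is unset; grep then sees no input.
    git config --global --get-all safe.directory 2>/dev/null | grep -Fxq -- "$1"
}

# Adds the path once; later calls with the same path change nothing.
mark_safe_directory() {
    case "$1" in
        /*) ;;  # only explicit absolute paths are accepted here
        *) echo "refusing non-absolute path: $1" >&2; return 2 ;;
    esac
    if is_safe_directory "$1"; then
        return 0
    fi
    git config --global --add safe.directory "$1"
}

# Prints how many safe.directory entries the global config holds.
count_safe_directories() {
    git config --global --get-all safe.directory 2>/dev/null | wc -l | tr -d ' '
}

# Constructed demo: uses a throwaway HOME so the real ~/.gitconfig is untouched.
(
    HOME=$(mktemp -d); export HOME
    unset XDG_CONFIG_HOME GIT_CONFIG_GLOBAL
    mark_safe_directory /opt/example/repo   # constructed path
    mark_safe_directory /opt/example/repo   # second run is a no-op
    echo "safe.directory entries: $(count_safe_directories)"
    rm -rf "$HOME"
)
```

Listing individual repository paths keeps the ownership check in force everywhere else on the host.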