GNU bug report logs - #55399: libgit2 1.4.3 directory owner validation breaks Guix
The original patch disabled it only when updating cached checkouts, but the
disabling persisted afterwards, making it stateful. To avoid statefulness, it
is disabled during with-libgit2 instead.
For compatibility with guile-git versions that do not yet have
set-owner-validation!, the setting is skipped when set-owner-validation! does
not exist.
* guix/git.scm (update-cached-checkout): Disable owner validation checks.
Co-Authored-By: André Batista <nandre <at> riseup.net>
---
guix/git.scm | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/guix/git.scm b/guix/git.scm
index 53e7219c8c..0fe6e65549 100644
--- a/guix/git.scm
+++ b/guix/git.scm
@@ -4,6 +4,7 @@
;;; Copyright © 2021 Kyle Meyer <kyle <at> kyleam.com>
;;; Copyright © 2021 Marius Bakke <marius <at> gnu.org>
;;; Copyright © 2022 Maxime Devos <maximedevos <at> telenet.be>
+;;; Copyright © 2022 André Batista <nandre <at> riseup.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -23,6 +24,7 @@
(define-module (guix git)
#:use-module (git)
#:use-module (git object)
+ #:use-module (git settings)
#:use-module (git submodule)
#:use-module (guix i18n)
#:use-module (guix base32)
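Review bot: the new `#:use-module (git settings)` import is unconditional, while the compatibility fallback further down only guards the `set-owner-validation!` binding; if the oldest guile-git this is meant to support lacks the `(git settings)` module itself, the failure just moves from an `unbound-variable` at run time to a module-resolution error at load time. Please confirm that `(git settings)` exists in every guile-git version the fallback is intended for, and say so in the commit message.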
@@ -117,6 +119,16 @@ (define-syntax-rule (with-libgit2 thunk ...)
;; but pointer finalizers used in guile-git may be called after shutdown,
;; resulting in a segfault. Hence, let's skip shutdown call for now.
(libgit2-init!)
+ ;; libgit2 <at> 1.4.3 ‘fixed’ a git CVE it never shared, breaking some uses
+ ;; of Guix channels (see <https://issues.guix.gnu.org/55399>). Disable
+ ;; the owner validation that does not fit in the security model in Guix.
+ ;;
+ ;; For compatibility with old guile-git that do not have
+ ;; 'set-owner-validation!', do nothing if 'set-owner-validation!'
+ ;; does not exist.
+ ((catch 'unbound-variable
+ (lambda () set-owner-validation!)
+ (lambda _ identity)) #false)
(unless %certificates-initialized?
(honor-system-x509-certificates!)
(set! %certificates-initialized? #t))
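Review bot: wrapping `set-owner-validation!` in `catch 'unbound-variable` makes disabling the check silently best-effort: a guile-git whose binding is missing or renamed leaves owner validation enabled with no diagnostic, so the very breakage this patch addresses would reappear without any hint as to why. Consider at least a warning in the `(lambda _ identity)` branch, and dropping the fallback once the minimum guile-git is bumped. The comment should also be more precise than `;; libgit2 <at> 1.4.3 ‘fixed’ a git CVE it never shared`: name the libgit2 release note or identifier being referred to, and state what the check defends against (repositories owned by a different user) and why that threat does not apply to Guix's own checkouts, rather than only that it "does not fit in the security model". Finally, since this runs for the whole dynamic extent of `with-libgit2`, every libgit2 operation inside it, not just cached checkout updates, now accepts repositories owned by other users; that scope is worth stating explicitly next to the call.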
base-commit: d519305d83d08058e4def2c4d72fe62102d9599d
prerequisite-patch-id: 62949e6148bb8aae2f792aaf4d54f2a136351d28
prerequisite-patch-id: 72191ec47cb3876c5fcd6233880dea7dfc1b165f
prerequisite-patch-id: bbfd96d673e491ddd684e8270c90347547dceaa5
prerequisite-patch-id: fbdac7446d0c3f529f313f89cb9ba975d469d7ac
prerequisite-patch-id: d0a5804a92d868c5ee6726e6e0555a8af25e442c
--
2.37.1