| author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2019-06-19 12:59:27 +0200 |
|---|---|---|
| committer | Edward Thomson <ethomson@edwardthomson.com> | 2019-08-13 17:56:06 +0100 |
| commit | cb1439c9d32c059ee93216637a6d155306f76ab3 (patch) | |
| tree | 76f15274fb66652dba8d29f5aad0c6c456b84e56 /src/path.h | |
| parent | 5774b2b13468aa3c2e7e604dd348357f6842c56a (diff) | |
| download | libgit2-cb1439c9d32c059ee93216637a6d155306f76ab3.tar.gz | |
config: validate ownership of C:\ProgramData\Git\config before using it

When the VirtualStore feature is in effect, it is safe to let random
users write into C:\ProgramData because other users won't see those
files. This seemed to be the case when we introduced support for
C:\ProgramData\Git\config.

However, when that feature is not in effect (which seems to be the case
in newer Windows 10 versions), we'd rather not use those files unless
they come from a trusted source, such as an administrator.

This change imitates the strategy chosen by PowerShell's native OpenSSH
port to Windows regarding host key files: if a system file is owned
neither by an administrator, a system account, or the current user, it
is ignored.
Diffstat (limited to 'src/path.h')
| -rw-r--r-- | src/path.h | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/path.h b/src/path.h index 624ca03aa..ed6b93574 100644 --- a/src/path.h +++ b/src/path.h @@ -649,4 +649,16 @@ int git_path_normalize_slashes(git_buf *out, const char *path); bool git_path_supports_symlinks(const char *dir); +/** + * Validate a system file's ownership + * + * Verify that the file in question is owned by an administrator or system + * account, or at least by the current user. + * + * This function returns 0 if successful. If the file is not owned by any of + * these, or any other if there have been problems determining the file + * ownership, it returns -1. + */ +int git_path_validate_system_file_ownership(const char *path); + #endif |
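Review bot: The return-value sentence in the new doc comment, "or any other if there have been problems determining the file ownership", is garbled and folds two different outcomes into a single -1: a file owned by an untrusted account, and a failure to read the ownership at all. Suggest rewording it to "or if the file's ownership could not be determined" and stating whether an error message is set in each case, so a caller can tell a policy rejection from a lookup failure and log it accordingly. The comment also does not say what is returned when the path does not exist, or what the function does on platforms other than Windows, which matters because the declaration is added to the shared header with no platform guard visible in this hunk.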
