[v2,9/9] docs: document symlink restrictions for dot-files

Message ID	YJBgcDM8Jt4dRdNe@coredump.intra.peff.net (mailing list archive)
State	Accepted
Commit	8ff06de10c12ef1f796fcefb96166133965d510e
Headers	show Return-Path: <git-owner@kernel.org> Date: Mon, 3 May 2021 16:43:28 -0400 From: Jeff King <peff@peff.net> To: git@vger.kernel.org Cc: Junio C Hamano <gitster@pobox.com>, =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsA==?= Bjarmason <avarab@gmail.com>, Eric Sunshine <sunshine@sunshineco.com> Subject: [PATCH v2 9/9] docs: document symlink restrictions for dot-files Message-ID: <YJBgcDM8Jt4dRdNe@coredump.intra.peff.net> References: <YJBgMP9eXq31INyN@coredump.intra.peff.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <YJBgMP9eXq31INyN@coredump.intra.peff.net> Precedence: bulk
Series	leftover bits from symlinked gitattributes, etc topics \| expand [v2,0/9] leftover bits from symlinked gitattributes, etc topics [v2,1/9] t7415: remove out-dated comment about translation [v2,2/9] fsck_tree(): fix shadowed variable [v2,3/9] fsck_tree(): wrap some long lines [v2,4/9] t7415: rename to expand scope [v2,5/9] t7450: test verify_path() handling of gitmodules [v2,6/9] t7450: test .gitmodules symlink matching against obscured names [v2,7/9] t0060: test ntfs/hfs-obscured dotfiles [v2,8/9] fsck: warn about symlinked dotfiles we'll open with O_NOFOLLOW [v2,9/9] docs: document symlink restrictions for dot-files

Message ID

YJBgcDM8Jt4dRdNe@coredump.intra.peff.net (mailing list archive)

State

Accepted

Commit

8ff06de10c12ef1f796fcefb96166133965d510e

Headers

Date: Mon, 3 May 2021 16:43:28 -0400
From: Jeff King <peff@peff.net>
To: git@vger.kernel.org
Cc: Junio C Hamano <gitster@pobox.com>,
 =?utf-8?b?w4Z2YXIgQXJuZmrDtnLDsA==?= Bjarmason <avarab@gmail.com>,
 Eric Sunshine <sunshine@sunshineco.com>
Subject: [PATCH v2 9/9] docs: document symlink restrictions for dot-files
Message-ID: <YJBgcDM8Jt4dRdNe@coredump.intra.peff.net>
References: <YJBgMP9eXq31INyN@coredump.intra.peff.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <YJBgMP9eXq31INyN@coredump.intra.peff.net>
Precedence: bulk

Series

leftover bits from symlinked gitattributes, etc topics | expand

Commit Message

Jeff King May 3, 2021, 8:43 p.m. UTC

We stopped allowing symlinks for .gitmodules files in 10ecfa7649
(verify_path: disallow symlinks in .gitmodules, 2018-05-04), and we
stopped following symlinks for .gitattributes, .gitignore, and .mailmap
in the commits from 204333b015 (Merge branch 'jk/open-dotgitx-with-nofollow',
2021-03-22). The reasons are discussed in detail there, but we never
adjusted the documentation to let users know.

This hasn't been a big deal since the point is that such setups were
mildly broken and thought to be unusual anyway. But it certainly doesn't
hurt to be clear and explicit about it.

Suggested-by: Philip Oakley <philipoakley@iee.email>
Signed-off-by: Jeff King <peff@peff.net>
---
 Documentation/gitattributes.txt | 6 ++++++
 Documentation/gitignore.txt     | 4 ++++
 Documentation/gitmailmap.txt    | 7 +++++++
 Documentation/gitmodules.txt    | 8 ++++++++
 4 files changed, 25 insertions(+)

diff --git a/Documentation/gitattributes.txt b/Documentation/gitattributes.txt
index cfcfa800c2..83fd4e19a4 100644
--- a/Documentation/gitattributes.txt
+++ b/Documentation/gitattributes.txt
@@ -1247,6 +1247,12 @@  to:
 [attr]binary -diff -merge -text
 ------------
 
+NOTES
+-----
+
+Git does not follow symbolic links when accessing a `.gitattributes`
+file in the working tree. This keeps behavior consistent when the file
+is accessed from the index or a tree versus from the filesystem.
 
 EXAMPLES
 --------
diff --git a/Documentation/gitignore.txt b/Documentation/gitignore.txt
index 5751603b13..53e7d5c914 100644
--- a/Documentation/gitignore.txt
+++ b/Documentation/gitignore.txt
@@ -149,6 +149,10 @@  not tracked by Git remain untracked.
 To stop tracking a file that is currently tracked, use
 'git rm --cached'.
 
+Git does not follow symbolic links when accessing a `.gitignore` file in
+the working tree. This keeps behavior consistent when the file is
+accessed from the index or a tree versus from the filesystem.
+
 EXAMPLES
 --------
 
diff --git a/Documentation/gitmailmap.txt b/Documentation/gitmailmap.txt
index 3fb39f801f..06f4af93fe 100644
--- a/Documentation/gitmailmap.txt
+++ b/Documentation/gitmailmap.txt
@@ -55,6 +55,13 @@  this would also match the 'Commit Name <commit&#64;email.xx>' above:
 	Proper Name <proper@email.xx> CoMmIt NaMe <CoMmIt@EmAiL.xX>
 --
 
+NOTES
+-----
+
+Git does not follow symbolic links when accessing a `.mailmap` file in
+the working tree. This keeps behavior consistent when the file is
+accessed from the index or a tree versus from the filesystem.
+
 EXAMPLES
 --------
 
diff --git a/Documentation/gitmodules.txt b/Documentation/gitmodules.txt
index 8e333dde1b..dcee09b500 100644
--- a/Documentation/gitmodules.txt
+++ b/Documentation/gitmodules.txt
@@ -98,6 +98,14 @@  submodule.<name>.shallow::
 	shallow clone (with a history depth of 1) unless the user explicitly
 	asks for a non-shallow clone.
 
+NOTES
+-----
+
+Git does not allow the `.gitmodules` file within a working tree to be a
+symbolic link, and will refuse to check out such a tree entry. This
+keeps behavior consistent when the file is accessed from the index or a
+tree versus from the filesystem, and helps Git reliably enforce security
+checks of the file contents.
 
 EXAMPLES
 --------

[v2,9/9] docs: document symlink restrictions for dot-files

Commit Message

Patch