Page MenuHomePhabricator
Differential D15756

Remove the warning about the Git 2GB pathname issue
ClosedPublic
Actions

Authored by epriestley on Apr 19 2016, 1:59 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Apr 12, 9:25 PM
Unknown Object (File)
Thu, Apr 4, 6:01 AM
Unknown Object (File)
Mon, Apr 1, 3:14 AM
Unknown Object (File)
Mon, Apr 1, 3:14 AM
Unknown Object (File)
Fri, Mar 22, 7:11 AM
Unknown Object (File)
Feb 6 2024, 9:48 AM
Unknown Object (File)
Feb 1 2024, 2:39 AM
Unknown Object (File)
Jan 22 2024, 6:03 AM
View All Files
Subscribers
None

Details

Reviewers
chad
Maniphest Tasks
T10832: Evaluate Git remote execution vulnerabilities with 2GB pathnames
Commits
rPc30fe65ee9c8: Remove the warning about the Git 2GB pathname issue
Summary

Ref T10832. In practice, git --version is not a useful test for this issue:

  • Vendors like Debian have backported the patch into custom versions like 0.0.0.1-debian-lots-of-patches.3232.
  • Vendors like Ubuntu distribute multiple different versions which report the same string from git --version, some of which are patched and some of which are not.

In other cases, we can perform an empirical test for the vulnerability. Here, we can not, because we can't write a 2GB path in a reasonable amount of time.

Since vendors (other than Apple) generally seem to be on top of this and any warning we try to raise based on git --version will frequently be incorrect, don't raise this warning.

I'll note this in the changelog instead.

Test Plan

Looked at setup issues, no more warning for vulnerable git version.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley updated this revision to Diff 37964.Apr 19 2016, 1:59 PM
epriestley retitled this revision from to Remove the warning about the Git 2GB pathname issue.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
epriestley added a task: T10832: Evaluate Git remote execution vulnerabilities with 2GB pathnames.
chad accepted this revision.Apr 19 2016, 1:59 PM
chad edited edge metadata.
This revision is now accepted and ready to land.Apr 19 2016, 1:59 PM
Closed by commit rPc30fe65ee9c8: Remove the warning about the Git 2GB pathname issue (authored by epriestley, committed by epriestley). · Explain WhyApr 19 2016, 2:02 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
src/
applications/
config/
check/
9 lines

Diff 37965

View Options

src/applications/config/check/PhabricatorBinariesSetupCheck.php

Loading...
Phabricator · Built by Phacility