Git fork

t0034: add negative tests and allow git init to mostly work under sudo

Add a support library that provides one function that can be used
to run a "scriptlet" of commands through sudo and that helps invoke
sudo in the slightly awkward way that is required to ensure it doesn't
block the call (if shell was allowed as tested in the prerequisite)
and it doesn't run the command through a different shell than the one
we intended.

Add additional negative tests as suggested by Junio and that use a
new workspace that is owned by root.

Document a regression that was introduced by previous commits where
root will no longer be able to access directories they own unless
SUDO_UID is removed from their environment.

The tests document additional ways that this new restriction could
be worked around and the documentation explains why it might be instead
considered a feature, but a "fix" is planned for a future change.

Helped-by: Junio C Hamano <gitster@pobox.com>
Helped-by: Phillip Wood <phillip.wood123@gmail.com>
Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Authored by Carlo Marcelo Arenas Belón and committed by Junio C Hamano
b9063afd ae9abbb6

+77
+15
t/lib-sudo.sh
··· 1 + # Helpers for running git commands under sudo. 2 + 3 + # Runs a scriplet passed through stdin under sudo. 4 + run_with_sudo () { 5 + local ret 6 + local RUN="$TEST_DIRECTORY/$$.sh" 7 + write_script "$RUN" "$TEST_SHELL_PATH" 8 + # avoid calling "$RUN" directly so sudo doesn't get a chance to 9 + # override the shell, add aditional restrictions or even reject 10 + # running the script because its security policy deem it unsafe 11 + sudo "$TEST_SHELL_PATH" -c "\"$RUN\"" 12 + ret=$? 13 + rm -f "$RUN" 14 + return $ret 15 + }
+62
t/t0034-root-safe-directory.sh
··· 3 3 test_description='verify safe.directory checks while running as root' 4 4 5 5 . ./test-lib.sh 6 + . "$TEST_DIRECTORY"/lib-sudo.sh 6 7 7 8 if [ "$GIT_TEST_ALLOW_SUDO" != "YES" ] 8 9 then 9 10 skip_all="You must set env var GIT_TEST_ALLOW_SUDO=YES in order to run this test" 11 + test_done 12 + fi 13 + 14 + if ! test_have_prereq NOT_ROOT 15 + then 16 + skip_all="These tests do not support running as root" 10 17 test_done 11 18 fi 12 19 ··· 19 26 test_cmp u r 20 27 ' 21 28 29 + if ! test_have_prereq SUDO 30 + then 31 + skip_all="Your sudo/system configuration is either too strict or unsupported" 32 + test_done 33 + fi 34 + 22 35 test_expect_success SUDO 'setup' ' 23 36 sudo rm -rf root && 24 37 mkdir -p root/r && ··· 33 46 cd root/r && 34 47 git status && 35 48 sudo git status 49 + ) 50 + ' 51 + 52 + test_expect_success SUDO 'setup root owned repository' ' 53 + sudo mkdir -p root/p && 54 + sudo git init root/p 55 + ' 56 + 57 + test_expect_success 'cannot access if owned by root' ' 58 + ( 59 + cd root/p && 60 + test_must_fail git status 61 + ) 62 + ' 63 + 64 + test_expect_success 'can access if addressed explicitly' ' 65 + ( 66 + cd root/p && 67 + GIT_DIR=.git GIT_WORK_TREE=. git status 68 + ) 69 + ' 70 + 71 + test_expect_failure SUDO 'can access with sudo if root' ' 72 + ( 73 + cd root/p && 74 + sudo git status 75 + ) 76 + ' 77 + 78 + test_expect_success SUDO 'can access with sudo if root by removing SUDO_UID' ' 79 + ( 80 + cd root/p && 81 + run_with_sudo <<-END 82 + unset SUDO_UID && 83 + git status 84 + END 85 + ) 86 + ' 87 + 88 + test_lazy_prereq SUDO_SUDO ' 89 + sudo sudo id -u >u && 90 + id -u root >r && 91 + test_cmp u r 92 + ' 93 + 94 + test_expect_success SUDO_SUDO 'can access with sudo abusing SUDO_UID' ' 95 + ( 96 + cd root/p && 97 + sudo sudo git status 36 98 ) 37 99 ' 38 100
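Review bot: In t/lib-sudo.sh, `sudo "$TEST_SHELL_PATH" -c "\"$RUN\""` splices the script path into a command string that the shell started by sudo parses again, so a `$TEST_DIRECTORY` containing a double quote, `$` or a backtick would be re-interpreted as root. Passing the path as an argument instead of embedding it, for example `sudo "$TEST_SHELL_PATH" -c '"$0"' "$RUN"`, keeps the same indirection without the second round of parsing. The script is also written to a PID-derived name (`$$.sh`) directly in `$TEST_DIRECTORY` and only removed on the normal return path; creating it inside the test's own working directory would keep a leftover file out of the shared tree if the run is interrupted. Minor: the comment has "aditional" for "additional" and "deem" for "deems".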
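Review bot: In t/t0034-root-safe-directory.sh, the new file-level `if ! test_have_prereq SUDO` block ends the script with `skip_all` when the prerequisite is missing, which makes the `SUDO` tag on every later `test_expect_success SUDO ...` redundant, while 'cannot access if owned by root' and 'can access if addressed explicitly' carry no tag even though they depend on `root/p` from the SUDO-tagged setup. Pick one convention: either drop the per-test `SUDO` tags after the bail-out or tag the two untagged tests as well, so a reader does not have to work out which tests really need sudo.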
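Review bot: In the block of new tests in t/t0034-root-safe-directory.sh, `test_expect_failure SUDO 'can access with sudo if root'` has no comment in the file saying why the failure is expected; the explanation lives only in the commit message. A short comment above it naming `SUDO_UID` as the cause and stating that the marker should flip to `test_expect_success` once the planned fix lands would make the intent clear to whoever touches the test next. The same goes for 'can access with sudo abusing SUDO_UID': the title says the variable is being abused, but nothing in the test says how the nested `sudo sudo git status` changes it, so a one-line comment there would help too.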