FS#52027 - [git] Change git user shell to /usr/bin/git-shell as more sane default

Attached to Project: Arch Linux
Opened by Adam Price (voofre) - Friday, 02 December 2016, 12:31 GMT
Last edited by Christian Hesse (eworm) - Friday, 04 August 2017, 11:46 GMT
Task Type General Gripe
Category Packages: Extra
Status Closed
Assigned To Dan McGee (toofishes)
Christian Hesse (eworm)
Architecture All
Severity Very Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:

That was already reported many times but proper solution wasn't enacted. Currently git package adds a git user daemon with default /bin/bash shell which could be a security concern as many users install git simply for package building and have no idea that it provides loginable user account. The default shell should be changed then to /usr/bin/git-shell which provides possibility for push, fetch and whatever user defines requests without opening potential security hole. That tool was designed specifically for this reason. Every user who knows what s/he's doing can change it to whatever s/he wants manually.


Additional info:
https://git.archlinux.org/svntogit/packages.git/tree/trunk/git.install?h=packages/git#n6
https://git-scm.com/docs/git-shell
This task depends upon

Closed by  Christian Hesse (eworm)
Friday, 04 August 2017, 11:46 GMT
Reason for closing:  Fixed
Additional comments about closing:  git 2.13.4-2
Comment by Jan de Groot (JGC) - Friday, 02 December 2016, 12:41 GMT
This is not an issue, as you can't login with this account. Password is disabled and by default there's no /.ssh/authorized_keys file owned by the git user.

git user is used to run a git daemon, the git-shell binary is used for restricting access to git repositories.
Comment by Adam Price (voofre) - Friday, 02 December 2016, 13:34 GMT
Ok, but working shell isn't needed for daemons to run. I have currently about 20 daemons installed with an user account and no one has working shell except git. Maintainer said that shell is needed for pull requests and that's why /usr/bin/git-shell exist. Restricted access vs unrestricted access is the whole point and should be set by default unless there is a proper excuse.

Loading...