
Remove environment variable parsing from SSH server #4266


Closed
wants to merge 3 commits into from


hlandau

@hlandau hlandau commented Jun 17, 2018

This removes the environment variable parsing code from the SSH server,
which never worked in the first place. Since environment variable
passing doesn't appear to be necessary for the built-in SSH server to
work properly, it's removed to reduce attack surface rather than fixing
it.

The current code processes (untrusted) input in a buggy manner and
passes it to a process invocation which doesn't actually do anything. I
don't think this is an exploitable vulnerability but I haven't looked
at it in detail, and it wouldn't really surprise me if it was.

Closes #1935, an alternative proposal which partially fixes the
environment variable handling but ultimately still leaves it broken.

Signed-off-by: Hugo Landau [email protected]

@codecov-io

codecov-io commented Jun 17, 2018

Codecov Report

Merging #4266 into master will increase coverage by <.01%.
The diff coverage is n/a.


@@            Coverage Diff             @@
##           master    #4266      +/-   ##
==========================================
+ Coverage   38.83%   38.84%   +<.01%     
==========================================
  Files         354      354              
  Lines       50174    50163      -11     
==========================================
  Hits        19485    19485              
+ Misses      27866    27855      -11     
  Partials     2823     2823
Impacted Files Coverage Δ
modules/ssh/ssh.go 59.47% <ø> (+3.98%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update df30010...e0b336c. Read the comment docs.

@bkcsoft bkcsoft added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jun 17, 2018
Member

@techknowlogick techknowlogick left a comment


Please add Gitea copyright to header of file

@hlandau
Author

hlandau commented Jun 17, 2018

@techknowlogick Done.

@lafriks lafriks added the type/proposal The new feature has not been accepted yet but needs to be discussed first. label Jun 19, 2018
@lafriks lafriks added this to the 1.6.0 milestone Jun 19, 2018
@fcharlie

See Git Wire Protocol, git will send SetEnv to allow wire protocol.

https://github.com/git/git/blob/master/Documentation/technical/protocol-v2.txt

 SSH and File Transport
~~~~~~~~~~~~~~~~~~~~~~~~

When using either the ssh:// or file:// transport, the GIT_PROTOCOL
environment variable must be set explicitly to include "version=2".
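
Added example, not part of the thread and not Gitea's code or the change merged in #6825: one way an SSH server could accept the `env` channel request (a name and a value, each a length-prefixed string per RFC 4254 section 6.4) while keeping the attack surface small, by bounds-checking the payload and allowlisting only `GIT_PROTOCOL`. The names `ParseEnvRequest`, `allowedEnv` and `sshString`, the 64-byte limit and the value alphabet are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// Assumed policy: only the variable git needs for protocol v2 is accepted.
var allowedEnv = map[string]bool{"GIT_PROTOCOL": true}

// sshString encodes s as an RFC 4254 string (uint32 big-endian length, then bytes).
func sshString(s string) []byte {
	b := make([]byte, 4, 4+len(s))
	binary.BigEndian.PutUint32(b, uint32(len(s)))
	return append(b, s...)
}

// readString decodes one length-prefixed string, refusing lengths that run past the payload.
func readString(b []byte) (string, []byte, error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return "", nil, errors.New("truncated or oversized string")
	}
	n := uint64(binary.BigEndian.Uint32(b))
	return string(b[4 : 4+n]), b[4+n:], nil
}

// ParseEnvRequest validates an "env" request payload (name, value) and returns
// "NAME=value" only for allowlisted names with a restricted value alphabet.
func ParseEnvRequest(payload []byte) (string, error) {
	name, rest, _ := readString(payload) // on failure rest is nil, so the next read fails too
	value, rest, err := readString(rest)
	if err != nil || len(rest) != 0 {
		return "", errors.New("malformed env payload")
	}
	if !allowedEnv[name] {
		return "", fmt.Errorf("variable %q not allowed", name)
	}
	const safe = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789=:._-"
	if len(value) > 64 || strings.Trim(value, safe) != "" { // any byte outside safe survives Trim
		return "", errors.New("value rejected")
	}
	return name + "=" + value, nil
}

func main() { // constructed sample payloads
	fmt.Println(ParseEnvRequest(append(sshString("GIT_PROTOCOL"), sshString("version=2")...)))
	fmt.Println(ParseEnvRequest(append(sshString("LANG"), sshString("en_US.UTF-8")...)))
}
```
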

@techknowlogick techknowlogick modified the milestones: 1.6.0, 1.7.0 Aug 28, 2018
@techknowlogick techknowlogick modified the milestones: 1.7.0, 1.8.0 Dec 19, 2018
@techknowlogick techknowlogick modified the milestones: 1.8.0, 1.9.0 Mar 8, 2019
@techknowlogick techknowlogick modified the milestones: 1.9.0, 1.10.0 Jun 4, 2019
@cybe
Contributor

cybe commented Aug 2, 2019

This can be closed now, as it was implemented and merged by #6825.

@zeripath zeripath closed this Aug 2, 2019
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020