For example I use SmartGit as my interactive Git client, and even though it's on recent versions of Git I never saw the security warning dialog on any of the repositories. Yet some other Git tools completely side step this issue with their own private versions of Git that don't have this issue at all. Some applications including Visual Studio and Rider now have updated their Git functionality to detect when you get an untrusted repository and prompt you to trust the repository: Some Developer Tools can Automatically Trust Repositories The file lives in the your user directory: code c:\users\\.gitinfoĭirectory = d:/projects/Westwind.AspNetCoreĭirectory = d:/projects/ĭirectory = D:/projects/LicenseManagerServiceĭirectory = D:/projects/MarkdownMonsterCodeĭirectory = d:/projects/WestwindWebSurge2ĭirectory = d:/projects/Westwind.WebStoreĭirectory = d:/projects/Westwind.Utilitiesįinally it was pointed out in the comments that you make this change globally by providing a wildcard operator: Įt voila: Fogettaboutit! You now should not see any more of those pesky warning popups. gitconfig file which has a section that cotains folders that are deemed safe. It's Ok if you have a one repo, but if you're like dozens you use regularily this gets old in a hurry.gitconfig FoldersĪnother way that lets you add folders more easily in bulk is via the. While that's better it's still a hassle as you still have to type out or copy the folder name which can be lengthy. Stored in my utilities folder that's on the global path. Git config -global -add safe.directory $args What I've done originally is create a small powershell script called gitSafeDir.ps1 that makes this a little more palatable to my limited memory: # gitSafeDir This works fine, but it's a long command and you have to essentially do this for each and every repository - you can't use top level folders and have it recurse down the hierarchy. The most obvious solution is to run the command that the Git error suggests, which uses git config to add the folder to folder list: git config -global -add safe.directory Developer Tools can set Safe Repo Status.There are a number of solutions for this problem. Git Security Issue: CVE-2022-24765 Quick Fixes You can read more detail about the specific vulnerability here: This change in Git came about due a security issue which allows parent repositories directories to override permissions of child repositories in some situations which would potentially allow execution of commands with unintended consequences. Windows however, has other ideas as it by default uses a generic ACL to assign user ownership which has the effective result that Git considers every repository as unsafe by default. This security issue started showing up in Git v2.35.2 and later, where Git now checks for ownership of the folder trying to ensure that the folder you are using Git in has the same user as the owner as your current user account. This shows up from the command line as well as from various Git clients or applications that have integrated Git support (here inside of Markdown Monster). I'm sure you've at some point or other in recent months run into this new-ish Git issue where it haughtily declares that all of your repositories are insecure as shown in the dialog above.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |