esp-idf/docs
Frantisek Hrbata 99f9dd4c07 feat(docker): allow to add paths into git's safe.directory
With 8959555cee7e[1] ("setup_git_directory(): add an owner check for the top..")
git added an ownership check of the git directory and refuses to
run any git commands, even parsing the config file, if the git directory
is not owned by the current user. The "fatal: detected dubious ownership in repository"
is reported.

This fixes CVE-2022-24765[2], which allows to compromise user account. On a
multi-user system or e.g. on a shared file system, one user may create a "rogue"
git repository with e.g. core.fsmonitor set to an arbitrary command. Other user
may unwillingly execute this command by running e.g. git-diff or
git-status within the "rogue" git repository, which may be in one of the parent
directories. If e.g. PS1 is set to display information about a git
repository in CWD, as suggested in Git in Bash[3], the user do not need to run
any git command to trigger this, just entering some subdirectory under
this "rogue" git repository is enough, because the git command will be
started transparently through the script used in PS1. The core.fsmonitor
can be set to arbitrary command. It's purpose is to help git to identify changed files
and speed up the scanning for changed files.

rogue
├── .git     # owned by user1
└── dir1     # owned by user2
    ├── dir2 # owned by user2
    └── .git # owned by user2

user1 sets core.fsmonitor for git repository in rogue directory
$ git config --add core.fsmonitor "bash -c 'rm -rf \$HOME'"

user2 enters dir1 and runs e.g. git diff and triggers the core.fsmonitor command.

The ownership check may cause problems when running git commands in
ESP-IDF Docker container. For example user may run the container as
root, but the mounted project may be owned by a particular user.

In this case git will refuse to execute any git command within the
"/project" directory, because it's not owned by root. To overcome this,
git allows to set safe.directories, for which the ownership check is
skipped. The security check may be completely disabled by setting
safe.directories to "*". This solution was proposed in PR 12636[4], but
it would allow make it possible to exploit this vulnerability again.

This fix allows user to specify git's safe.directory in IDF_GIT_SAFE_DIR
environmental variable, which may be set during container startup.

The IDF_GIT_SAFE_DIR has same format as PATH and multiple directories can be
specified by using a ":" separator. To entirely disable this git security check
within the container, user may set IDF_GIT_SAFE_DIR='*'. This might be
heplfull in CI.

Closes https://github.com/espressif/esp-idf/pull/12636

[1] - 8959555cee
[2] - https://nvd.nist.gov/vuln/detail/cve-2022-24765
[3] - https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash
[4] - https://github.com/espressif/esp-idf/pull/12636

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2023-12-01 08:23:16 +01:00
..
_static Merge branch 'contrib/github_pr_9694_v5.1' into 'release/v5.1' 2023-08-30 14:56:31 +08:00
docs_not_updated Merge branch 'backport/add_docs_for_coex_v51' into 'release/v5.1' 2023-11-23 13:57:42 +08:00
doxygen docs: add ECDSA peripheral chapter for H2/P4 2023-11-20 16:13:35 +05:30
en feat(docker): allow to add paths into git's safe.directory 2023-12-01 08:23:16 +01:00
zh_CN docs: Update CN translation for api-guides/tools/idf-monitor.rst 2023-11-27 09:38:39 +01:00
check_lang_folder_sync.sh global: use '/usr/bin/env bash' instead of '/usr/bin/bash' in shebangs 2020-04-03 01:10:02 +02:00
conf_common.py docs: add ECDSA peripheral chapter for H2/P4 2023-11-20 16:13:35 +05:30
doxygen-known-warnings.txt freertos(IDF): Remove dependency on portUSING_MPU_WRAPPERS 2022-12-23 15:29:17 +08:00
page_redirects.txt doc: remove left-over legacy event loop docs 2023-03-17 15:37:26 +08:00
README.md docs: update to use esp-docs 2021-08-24 08:56:48 +08:00
sphinx-known-warnings.txt docs(fatfs): Move mentioned APIs to a separate API reference section 2023-08-14 12:44:53 +02:00
TEMPLATE_EXAMPLE_README.md docs: update frontpage/general pages for ESP8684 2021-12-21 11:14:35 +08:00

Documentation Source Folder

This folder contains source files of ESP-IDF documentation available in English and 中文.

The sources do not render well in GitHub and some information is not visible at all.

Use actual documentation generated within about 20 minutes on each commit:

Hosted Documentation

The above URLs are all for the master branch latest version. Click the drop-down in the bottom left to choose a stable version or to download a PDF.

Building Documentation

The documentation is built using the python package esp-docs, which can be installed by running pip install esp-docs. Running build-docs --help will give a summary of available options. For more information see the esp-docs documentation at https://github.com/espressif/esp-docs/blob/master/README.md