Mitigate Security vulnerability in the git hook feature (#13058)
* Extend git hook warning in the UI. Git hooks are a dangerous feature, administrators should be warned before giving the git hook privilege to users.
* Disable Git hooks by default and add warning. Git hooks are a dangerous feature (see warning text) that should only be enabled if the administrator was informed about the risk involved.

Co-authored-by: Niklas Goerke <goerke@fzi.de>
This commit is contained in:
parent
d49242287d
commit
8fe8ab5cbf
3 changed files with 15 additions and 5 deletions
|
@ -512,8 +512,13 @@ REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL
|
||||||
MIN_PASSWORD_LENGTH = 6
|
MIN_PASSWORD_LENGTH = 6
|
||||||
; Set to true to allow users to import local server paths
|
; Set to true to allow users to import local server paths
|
||||||
IMPORT_LOCAL_PATHS = false
|
IMPORT_LOCAL_PATHS = false
|
||||||
; Set to true to prevent all users (including admin) from creating custom git hooks
|
; Set to false to allow users with git hook privileges to create custom git hooks.
|
||||||
DISABLE_GIT_HOOKS = false
|
; Custom git hooks can be used to perform arbitrary code execution on the host operating system.
|
||||||
|
; This enables the users to access and modify this config file and the Gitea database and interrupt the Gitea service.
|
||||||
|
; By modifying the Gitea database, users can gain Gitea administrator privileges.
|
||||||
|
; It also enables them to access other resources available to the user on the operating system that is running the Gitea instance and perform arbitrary actions in the name of the Gitea OS user.
|
||||||
|
; WARNING: This maybe harmful to you website or your operating system.
|
||||||
|
DISABLE_GIT_HOOKS = true
|
||||||
; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED
|
; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED
|
||||||
ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true
|
ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true
|
||||||
;Comma separated list of character classes required to pass minimum complexity.
|
;Comma separated list of character classes required to pass minimum complexity.
|
||||||
|
|
|
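Review bot: the new WARNING comment line has two typos ("This maybe harmful to you website") and should read `; WARNING: This may be harmful to your website or your operating system.`; also, because this hunk flips the shipped default from `DISABLE_GIT_HOOKS = false` to `DISABLE_GIT_HOOKS = true`, existing installations whose users rely on custom hooks will silently lose them on upgrade unless the key is set explicitly, so the upgrade notes should call out the new default, and the five-line rationale could be condensed to keep the sample ini readable.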
@ -388,8 +388,13 @@ relation to port exhaustion.
|
||||||
authentication.
|
authentication.
|
||||||
- `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**: Header name for reverse proxy
|
- `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**: Header name for reverse proxy
|
||||||
authentication provided email.
|
authentication provided email.
|
||||||
- `DISABLE_GIT_HOOKS`: **false**: Set to `true` to prevent all users (including admin) from creating custom
|
- `DISABLE_GIT_HOOKS`: **true**: Set to `false` to enable users with git hook privilege to create custom git hooks.
|
||||||
git hooks.
|
WARNING: Custom git hooks can be used to perform arbitrary code execution on the host operating system.
|
||||||
|
This enables the users to access and modify this config file and the Gitea database and interrupt the Gitea service.
|
||||||
|
By modifying the Gitea database, users can gain Gitea administrator privileges.
|
||||||
|
It also enables them to access other resources available to the user on the operating system that is running the
|
||||||
|
Gitea instance and perform arbitrary actions in the name of the Gitea OS user.
|
||||||
|
This maybe harmful to you website or your operating system.
|
||||||
- `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET`: **true**: Set to `false` to allow local users to push to gitea-repositories without setting up the Gitea environment. This is not recommended and if you want local users to push to gitea repositories you should set the environment appropriately.
|
- `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET`: **true**: Set to `false` to allow local users to push to gitea-repositories without setting up the Gitea environment. This is not recommended and if you want local users to push to gitea repositories you should set the environment appropriately.
|
||||||
- `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server.
|
- `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server.
|
||||||
- `INTERNAL_TOKEN`: **\<random at every install if no uri set\>**: Secret used to validate communication within Gitea binary.
|
- `INTERNAL_TOKEN`: **\<random at every install if no uri set\>**: Secret used to validate communication within Gitea binary.
|
||||||
|
|
|
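Review bot: the last warning sentence repeats the typo from the sample config ("This maybe harmful to you website") and should read "This may be harmful to your website or your operating system."; the sentence wrapped across "...running the" / "Gitea instance..." renders as one paragraph in Markdown, so that is fine, but the warning text should be kept word-for-word identical to the `app.ini.sample` comment so the two copies do not drift apart in later edits.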
@ -2055,7 +2055,7 @@ users.prohibit_login = Disable Sign-In
|
||||||
users.is_admin = Is Administrator
|
users.is_admin = Is Administrator
|
||||||
users.is_restricted = Is Restricted
|
users.is_restricted = Is Restricted
|
||||||
users.allow_git_hook = May Create Git Hooks
|
users.allow_git_hook = May Create Git Hooks
|
||||||
users.allow_git_hook_tooltip = Git Hooks are executed as the OS user running Gitea and will have the same level of host access
|
users.allow_git_hook_tooltip = Git Hooks are executed as the OS user running Gitea and will have the same level of host access. As a result, users with this special Git Hook privilege can access and modify all Gitea repositories as well as the database used by Gitea. Consequently they are also able to gain Gitea administrator privileges.
|
||||||
users.allow_import_local = May Import Local Repositories
|
users.allow_import_local = May Import Local Repositories
|
||||||
users.allow_create_organization = May Create Organizations
|
users.allow_create_organization = May Create Organizations
|
||||||
users.update_profile = Update User Account
|
users.update_profile = Update User Account
|
||||||
|
|
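Review bot: the expanded tooltip matches the wording of the new docs, which is good; minor style point, add a comma after "Consequently" ("Consequently, they are also able to gain Gitea administrator privileges."), and since only one locale file is among the three changed files, the other locales will keep showing the old one-sentence tooltip until they are re-translated.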