-
Notifications
You must be signed in to change notification settings - Fork 48
Description
Since CVE-2022-24765, new git version adds an ownership check functionality, and if git owner != current uid, git command would report such error:
# git status
fatal: detected dubious ownership in repository at '/example'
To add an exception for this directory, call:
git config --global --add safe.directory /example
However, shadow-rs would silently ignore the error, and returns empty values for git-related consts.
Reproduce:
-
Initialize an empty project, with a non-root user and files in "Setup" in shadow-rs README (shadow-rs 0.32.0)
-
Add
println!("{}", build::CLAP_LONG_VERSION);inmain() -
git initandgit commit -a -
Build with same non-root user:
0.1.0 branch:master commit_hash:d423f07a build_time:2024-08-21 17:02:35 +08:00 build_env:rustc 1.80.1 (3f5fd8dd4 2024-08-06),stable-x86_64-unknown-linux-gnu -
Use
suto change user to root (Don't usesudoasgitwould try check this withSUDO_USERenv).git statusin root would report this fatal error. -
cargo cleanand build with root:0.1.0 branch: commit_hash: build_time:2024-08-21 17:05:18 +08:00 build_env:rustc 1.80.1 (3f5fd8dd4 2024-08-06),stable-x86_64-unknown-linux-gnu
This could make it hard to debug when building Rust projects with Docker (by default it uses root inside container), especially in CI environment (to be frankly this spent me an afternoon to find the bug).