book/04-git-server/sections/protocols.asc (+9 -4)
@@ -181,7 +181,7 @@ If you want to allow anonymous read-only access to your projects and also want t
(((protocols, git)))
Finally, we have the Git protocol.
-
This is a special daemon that comes packaged with Git; it listens on a dedicated port (9418) that provides a service similar to the SSH protocol, but with absolutely no authentication.
+
This is a special daemon that comes packaged with Git; it listens on a dedicated port (9418) that provides a service similar to the SSH protocol, but with absolutely no authentication or cryptography.
In order for a repository to be served over the Git protocol, you must create a `git-daemon-export-ok` file -- the daemon won't serve a repository without that file in it -- but, other than that, there is no security.
Either the Git repository is available for everyone to clone, or it isn't.
This means that there is generally no pushing over this protocol.
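Review bot: the new line 184 says the daemon has "absolutely no authentication or cryptography", but the risk the rest of this change is about is tampering in transit, so spell out what the missing cryptography actually costs: there is no encryption and no integrity protection, so anyone on the network path can read and alter what the daemon serves. The existing sentence that heads the next hunk ("It uses the same data-transfer mechanism as the SSH protocol but without the encryption ...") states the same fact; align the two so the section does not describe the same property twice in different words.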
@@ -196,9 +196,14 @@ It uses the same data-transfer mechanism as the SSH protocol but without the enc
===== The Cons
-
The downside of the Git protocol is the lack of authentication.
-
It's generally undesirable for the Git protocol to be the only access to your project.
-
Generally, you'll pair it with SSH or HTTPS access for the few developers who have push (write) access and have everyone else use `git://` for read-only access.
+
Due to the lack of TLS or other cryptography, cloning over `git://` might lead to an arbitrary code execution vulnerability, and should therefore be avoided unless you know what you are doing.
+
+
* If you run `git clone git://example.com/project.git`, an attacker who controls e.g your router can modify the repo you just cloned, inserting malicious code into it. If you then compile/run the code you just cloned, you will execute the malicious code.
+
Running `git clone http://example.com/project.git` should be avoided for the same reason.
+
* Running `git clone https://example.com/project.git` does not suffer from the same problem (unless the attacker can provide a TLS certificate for example.com).
+
Running `git clone [email protected]:project.git` only suffers from this problem if you accept a wrong ssh key fingerprint.
+
+
It also has no authentication, i.e. anyone can clone the repo (although this is often exactly what you want).
It's also probably the most difficult protocol to set up.
It must run its own daemon, which requires `xinetd` or `systemd` configuration or the like, which isn't always a walk in the park.
It also requires firewall access to port 9418, which isn't a standard port that corporate firewalls always allow.
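Review bot: new line 199 calls the risk "an arbitrary code execution vulnerability", which overstates what lines 201-202 go on to describe: an on-path attacker can alter the repository contents you receive over `git://` (or `http://`), and code execution only follows if you then build or run what you cloned. Phrase it as tampering, for example: "Because `git://` has no encryption or integrity protection, anyone on the network path can modify the repository while you clone it, so code you build or run from such a clone may have been altered by an attacker." Three smaller points. First, lines 201-204 alternate `*` bullet lines with bare lines, so in AsciiDoc "Running `git clone http://...`" is folded into the `git://` item and the ssh line into the `https://` item; either make all four lines bullets or use the `+` list-continuation marker so the pairing is deliberate. Second, the parenthetical on line 203 should read "a certificate for example.com that your client trusts", since any certificate is not enough. Third, the removed lines 200-201 (pair `git://` read-only access with SSH or HTTPS for the developers who push) were practical deployment advice and nothing in the new text replaces them; new line 206 still notes that anyone can clone, so the pairing advice is worth keeping.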