unsafe {
git2_curl::register(handle);
}
+
+ // Disabling the owner validation in git can, in theory, lead to code execution
+ // vulnerabilities. However, libgit2 does not launch executables, which is the foundation of
+ // the original security issue. Meanwhile, issues with refusing to load git repos in
+ // `CARGO_HOME` for example will likely be very frustrating for users. So, we disable the
+ // validation.
+ //
+ // For further discussion of Cargo's current interactions with git, see
+ //
+ // https://github.com/rust-lang/rfcs/pull/3279
+ //
+ // and in particular the subsection on "Git support".
+ //
+ // Note that we only disable this when Cargo is run as a binary. If Cargo is used as a library,
+ // this code won't be invoked. Instead, developers will need to explicitly disable the
+ // validation in their code. This is inconvenient, but won't accidentally open consuming
+ // applications up to security issues if they use git2 to open repositories elsewhere in their
+ // code.
+ unsafe {
+ if git2::opts::set_verify_owner_validation(false).is_err() {
+ return;
+ }
+ }
}
projects / cargo.git / commitdiff